2023/0205(COD) Framework for Financial Data Access
Lead committee dossier:
Progress: Awaiting committee decision
| Role | Committee | Rapporteur | Shadows |
|---|---|---|---|
| Lead | ECON |
HOOGEVEEN Michiel ( ECR)
|
FITZGERALD Frances ( EPP),
HEINÄLUOMA Eero ( S&D),
KOVAŘÍK Ondřej ( Renew),
NIINISTÖ Ville ( Verts/ALE)
|
| Committee Opinion | LIBE |
Lead committee dossier:
Legal Basis:
TFEU 114
Legal Basis:
TFEU 114Subjects
Events
2024/04/18
EP - Vote in committee, 1st reading
2024/02/02
EP - Amendments tabled in committee
Documents
2024/02/02
EP - Amendments tabled in committee
Documents
2023/12/13
EP - Committee draft report
Documents
2023/12/13
ESC - Economic and Social Committee: opinion, report
Documents
2023/11/14
CZ_CHAMBER - Contribution
Documents
2023/10/19
EP - Committee referral announced in Parliament, 1st reading
2023/08/22
EDPS - Document attached to the procedure
Documents
2023/07/19
EP - HOOGEVEEN Michiel (ECR) appointed as rapporteur in ECON
2023/06/29
EC - Document attached to the procedure
Documents
2023/06/29
EC - Document attached to the procedure
Documents
2023/06/29
EC - Document attached to the procedure
Documents
2023/06/28
EC - Legislative proposal published
Details
PURPOSE: to establish a framework for responsible access to individual and business customer data across a wide range of financial services (open finance).
PROPOSED ACT: Regulation of the European Parliament and of the Council.
ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.
BACKGROUND: a responsible data economy, which is driven by the generation and use of data, is an integral part of the Union internal market that can bring benefits to both Union citizens and the economy. Digital technologies relying on data are increasingly driving change in financial markets by producing new business models, products and ways for firms to engage with customers.
Customers of financial institutions, both consumers and firms, should have effective control over their financial data and the opportunity to benefit from open, fair, and safe data-driven innovation in the financial sector. Those customers should be empowered to decide how and by whom their financial data is used and should have the option to grant firms access to their data for the purposes of obtaining financial and information services should they wish.
A dedicated and harmonised framework for access to financial data is therefore necessary at Union level to respond to the needs of the digital economy and to remove barriers to a well-functioning internal market for data. Specific rules are required to address these barriers to promote better access to customer data and hence make it possible for consumers and firms to realise the gains stemming from better financial products and services. Data-driven finance would facilitate industry transition from the traditional supply of standardised products to tailored solutions that are better suited to the customers’ specific needs, including improved customer facing interfaces that enhance competition, improve user experience and ensure financial services that are focused on the customer as the end user.
CONTENT: the proposed Regulation establishes rules on the access, sharing and use of certain categories of customer data in financial services . It also establishes rules concerning the authorisation and operation of financial information service providers.
The general objective of this proposal is to improve economic outcomes for financial services customers (consumers and businesses) and financial sector firms by promoting digital transformation and speed up adoption of data-driven business models in the EU financial sector.
The proposed Regulation will apply to following categories of customer data on:
- mortgage credit agreements , loans and accounts , except payment accounts as defined in the Payment Services Directive (EU) 2015/2366, including data on balance, conditions and transactions;
- savings , investments in financial instruments, insurance-based investment products, crypto-assets, real estate and other related financial assets as well as the economic benefits derived from such assets;
- pension rights in occupational pension schemes;
- pension rights on the provision of pan-European personal pension products;
- non-life insurance products, except for sickness and health insurance products;
- data which forms part of a creditworthiness assessment of a firm which is collected as part of a loan application process or a request for a credit rating.
This proposal will establish clear rights and obligations to manage customer data sharing in the financial sector beyond payment accounts, namely:
- possibility but no obligation for customers to share their data with data users (e.g. financial institutions or fintech firms) in secure machine-readable format to receive new, cheaper and better data-driven financial and information products and services (i.e. such as financial product comparison tools, personalised online advice);
- obligation for customer data holders (e.g. financial institutions) to make this data available to data users (e.g. other financial institutions or fintech firms) by putting in place the required technical infrastructure and subject to customer permission;
- full control by customers over who accesses their data and for what purpose to enhance trust in data sharing, facilitated by a requirement for dedicated permission dashboards and strengthened protection of customers' personal data in line with the General Data Protection Regulation (GDPR);
- standardisation of customer data and the required technical interfaces as part of financial data sharing schemes, of which both data holders and data users must become members;
- clear liability regimes for data breaches and dispute resolution mechanisms as part of financial data sharing schemes so that liability risks do not act as a disincentive for data holders to make data available;
- additional incentives for data holders to put in place high-quality interfaces for data users through reasonable compensation from data users in line with the general principles of business-to-business (B2B) data sharing laid down in the Data Act proposal (and smaller firms will only have to pay compensation at cost).
In practice, this proposal will lead to more innovative financial products and services for users and it will stimulate competition in the financial sector. For example, consumers will benefit from improved personal finance management and advice. Previously burdensome processes such as comparison services or switching to a new product will become smoother and cheaper, including for example, automated processing of mortgage applications. SMEs would also be able to access a wider range of financial services and products, such as more competitive loans resulting from their creditworthiness data being more easily accessible.
Documents
Documents
- Amendments tabled in committee: PE758.857
- Amendments tabled in committee: PE758.858
- Committee draft report: PE757.355
- Economic and Social Committee: opinion, report: CES3611/2023
- Contribution: COM(2023)0360
- Document attached to the procedure: OJ C 000 20.11.2023, p. 0000
- Document attached to the procedure: N9-0090/2023
- Document attached to the procedure: EUR-Lex
- Document attached to the procedure: SEC(2023)0255
- Document attached to the procedure: EUR-Lex
- Document attached to the procedure: SWD(2023)0224
- Document attached to the procedure: EUR-Lex
- Document attached to the procedure: SWD(2023)0230
- Legislative proposal published: COM(2023)0360
- Legislative proposal published: EUR-Lex
- Document attached to the procedure: EUR-Lex SEC(2023)0255
- Document attached to the procedure: EUR-Lex SWD(2023)0224
- Document attached to the procedure: EUR-Lex SWD(2023)0230
- Document attached to the procedure: OJ C 000 20.11.2023, p. 0000 N9-0090/2023
- Committee draft report: PE757.355
- Economic and Social Committee: opinion, report: CES3611/2023
- Amendments tabled in committee: PE758.857
- Amendments tabled in committee: PE758.858
- Contribution: COM(2023)0360
| Amendments | Dossier |
| 433 |
2023/0205(COD)
2024/02/02
ECON
433 amendments...
Amendment 156 #
Proposal for a regulation Recital 1 (1) A responsible data economy, which is driven by the generation and use of data, is an integral part of the Union internal market that can bring benefits to both Union citizens and the economy. Digital technologies relying on data are increasingly driving change in financial markets by innovating, producing new business models, products and ways for firms to engage with customers.
Amendment 157 #
Proposal for a regulation Recital 3 (3) The Union has a stated policy interest in enabling access of customers of financial institutions to their financial data. The Commission confirmed in its communication on a digital finance strategy and Communication on a capital markets union adopted in 2021 an intention to put in place a framework for financial data access to reap the benefits for customers of
Amendment 158 #
Proposal for a regulation Recital 3 (3) The Union has a stated policy interest in enabling access of customers of financial institutions to their financial data. The Commission confirmed in its communication on a digital finance strategy and Communication on a capital markets union adopted in 2021 an intention to put in place a framework for financial data access to reap the benefits for customers of data sharing in the financial sector. Such benefits include the development and provision of data-driven financial products and financial services, made possible by the sharing of customer data. In order to actualise these benefits, financial institutions should have the possibility of developing and providing tailor-made and data-driven financial products and services for customers based on the sharing of customer data with their consent.
Amendment 159 #
Proposal for a regulation Recital 4 (4) Within financial services, and as a result of the revised Directive (EU) 2015/2366 of the European Parliament and of the Council7 , the sharing of payments account data in the Union based on customer permission has begun to transform the way consumers and businesses use banking services. In order to build upon the measures in that Directive, a regulatory framework should be established for the sharing of customer data, which have been derived from financial services provided in the Union, across the financial sector beyond payment account data. This should also be a building block for fully integrating the financial sector into the Commission’s strategy for data8 which promotes data sharing across sectors.
Amendment 160 #
Proposal for a regulation Recital 4 a (new) (4 a) It should be noted that the costs of implementation of provisions to enable Open Banking through PSD II were high for the sector, particularly smaller actors. While the Directive has allowed the development of new and innovative offerings to customers, a cost-benefit analysis is essential to ensure that the expansion of Open Banking to Open Finance is not prohibitive to firms, particularly smaller firms.
Amendment 161 #
Proposal for a regulation Recital 4 a (new) (4 a) This Regulation should only apply to financial data falling outside of the scope of the ‘open banking’ provisions under the Regulation (EU) [XXXX/XXXX] of the European Parliament and of the Council (PSR/PSD3).
Amendment 162 #
Proposal for a regulation Recital 5 (5) Ensuring customer control and trust is imperative to build a well-functioning and effective data sharing framework in the financial sector. Ensuring effective customers’ control over data sharing contributes to innovation as well as customer confidence and trust in data sharing. As a result, effective control may help
Amendment 163 #
Proposal for a regulation Recital 6 (6) The Union’s financial data economy therefore remains fragmented, characterised by uneven data sharing, barriers, and high stakeholder reluctance to engage in data sharing beyond payments accounts. Customers accordingly do not benefit from individualised, data-driven products and services that may fit their specific needs. The absence of personalised financial products limits the possibility to innovate, by offering more choice and financial products and services for interested consumers who could otherwise benefit from data-driven tools that can support them to make informed choices, compare offerings in a user-friendly manner, and switch to more advantageous products that match their preferences based on their data. The existing barriers to business data sharing are preventing firms, in particular SMEs,
Amendment 164 #
Proposal for a regulation Recital 6 a (new) (6 a) The sharing of data should seek to enhance innovation, benefit customers, and to provide innovative personalised financial products or services based, where appropriate, on clear use cases. Examples may include: improving the mortgage credit market for consumers by ensuring choices that better suit the consumer's needs or personal circumstances; facilitating the provision of high-quality financial advice to customers; utilising energy efficiency, energy consumption and climate data to provide new financial services to consumers; developing vehicle data sharing frameworks so that insurers, among other stakeholders, can offer innovative products, reduce damages, help improve road safety and eco-friendly mobility, and stimulate future technological developments.
Amendment 165 #
Proposal for a regulation Recital 7 (7) Making data available by way of high-quality technical interfaces like application programming interfaces is essential to facilitate seamless and effective access to data. Beyond the area of payment accounts, however, only a minority of financial institutions that are data holders indicate that they make data available through technical interfaces like application programming interfaces. As incentives to develop such innovative services are absent, market demand for data access remains limited. To foster efficient data sharing, data holders and data users should make use of existing application programming interfaces infrastructures and common standards as mandated under Directive (EU) 2015/2366 and Commission Delegated Regulation (EU) 2018/389.
Amendment 166 #
Proposal for a regulation Recital 8 (8) A dedicated and harmonised framework for access to financial data is therefore
Amendment 167 #
Proposal for a regulation Recital 9 (9) The data included in the scope of this Regulation should demonstrate high value added for financial innovation as well as low financial exclusion risk for consumers. This Regulation should therefore not cover data related to the sickness and health insurance of a consumer in accordance with Directive 2009/138/EC of the European Parliament and of the Council10 as well as data on life insurance products of a consumer in accordance with Directive 2009/138/EC other than life insurance contracts covered by insurance-based investment products. This Regulation should also not cover data collected as part of a creditworthiness assessment
Amendment 168 #
Proposal for a regulation Recital 9 (9) The data included in the scope of this Regulation should demonstrate high value added for financial innovation as well as low financial exclusion risk for consumers. This Regulation should therefore not cover data related to the sickness and health insurance of a consumer in accordance with Directive 2009/138/EC of the European Parliament and of the Council10 as well as data on life insurance products of a consumer in accordance with Directive 2009/138/EC other than life insurance contracts covered by insurance-based investment products. This Regulation should also not cover data collected as part of a creditworthiness assessment of a consumer. The sharing of customer data in the scope of this Regulation should respect the protection of confidential business data
Amendment 169 #
Proposal for a regulation Recital 9 a (new) (9 a) For the purpose of the provision of financial services and product in scope of this Regulation, data holders and data users should comply with existing Union rules and guidelines regarding the access to and use of personal data.
Amendment 170 #
Proposal for a regulation Recital 10 (10) The
Amendment 171 #
Proposal for a regulation Recital 10 (10) The
Amendment 172 #
Proposal for a regulation Recital 10 (10) The
Amendment 173 #
Proposal for a regulation Recital 10 (10) The sharing of the customer data in the scope of this Regulation should be based on the permission of the customer. The legal obligation on data holders to share customer data should be triggered once the customer has requested their data to be shared with a data user.
Amendment 174 #
Proposal for a regulation Recital 10 (10) The sharing of the customer data in the scope of this Regulation should be based on the permission of the customer. The legal obligation on data holders to share customer data should be triggered once the customer has requested their data to be shared with a data user. This request can be submitted by a data user acting on behalf of the customer where permission has explicitly been granted. Where the processing of personal data is involved, a data user should have a valid lawful basis for processing under Regulation (EU) 2016/679. The customers data can be processed for the agreed purposes in the context of the service provided. The processing of personal data must respect the principles of personal data protection, including lawfulness, fairness and transparency, purpose limitation and data minimisation. A customer has the right to withdraw the permission given to a data user at any time. When data processing is necessary for the performance of a contract, a customer should be able to withdraw permissions according to the contractual obligations to which the data subject is party. When personal data processing is based on consent, a data subject has the right to withdraw his or her consent at any time, as provided for in Regulation (EU) 2016/679.
Amendment 175 #
Proposal for a regulation Recital 10 a (new) (10 a) The sharing of customer data, based on the consent of the customer, would empower in particular the customer to have access to a wider range of financial services goods and services. It would provide the possibility for consumers to benefit from the opening of the Single Market to increased access of retail financial services products from other Member States. This in turn should lead to the availability of more competitive, consumer-focused and cheaper financial services and products.
Amendment 176 #
Proposal for a regulation Recital 10 b (new) (10 b) This regulation should be implemented according to the standards of existing and future EU law in the area of privacy and data protection, as well as the values of the Single Market. Therefore, undertakings designated as gatekeepers under Regulation (EU) 2022/1925 of the European Parliament and of the Council should not be ineligible data users under this Regulation.
Amendment 177 #
Proposal for a regulation Recital 11 (11) Enabling customers to share their data on their current investments can encourage innovation in the provision of retail investment services. Primary data collection to complete a suitability and appropriateness assessment of a retail investor is time-intensive for a customer and constitutes a significant cost factor for advisors and distributors of investment, pension, and insurance-based investment products. The
Amendment 178 #
Proposal for a regulation Recital 11 (11) Enabling customers to share their data on their current investments can encourage innovation in the provision of retail investment services.
Amendment 179 #
Proposal for a regulation Recital 12 (12) Customer data on balance, conditions or transaction details related to mortgages, loans and savings can enable customers to gain a better overview of their deposits and better meet their savings needs based on credit data. This Regulation should cover customer data beyond payment accounts defined in Directive (EU) 2015/2366
Amendment 180 #
Proposal for a regulation Recital 13 Amendment 181 #
Proposal for a regulation Recital 13 (13) The customer data included in the scope of this Regulation should include sustainability-related information that should enable customers to more easily access financial services that are aligned with their sustainability preferences and sustainable finance needs, in line with the Commission’s strategy for financing the transition to a sustainable economy12 . Access to data relating to sustainability which may be contained in balance or transaction details related to a mortgage, credit, loan and savings account, as well as access to customer data relating to sustainability held by investment firms, can contribute to facilitating access to data needed to access sustainable finance or make investments into the green transition.
Amendment 182 #
Proposal for a regulation Recital 13 (13) The customer data included in the scope of this Regulation should include sustainability-related information, where applicable, that should enable customers to more easily access financial services that are aligned with their sustainability preferences and sustainable finance needs, in line with the Commission’s strategy for financing the transition to a sustainable economy12 . Access to data relating to sustainability which may be contained in balance or transaction details related to a mortgage, credit, loan and savings account, as well as access to customer data relating to sustainability held by investment firms, can contribute to facilitating access to data needed to access sustainable finance or make investments into the green transition. Moreover, customer data in the scope of this Regulation should include data which forms part of a creditworthiness assessment related to firms, including small and medium sized enterprises, and which can provide greater insight into the sustainability objectives of small firms. The inclusion of data used for the creditworthiness assessment related to firms should improve access to financing and streamline the application for loans. Such data should be limited to data on firms and should not infringe intellectual property rights. _________________ 12 Communication From the Commission to the European Parliament, the Council, the European Economic And Social Committee and the Committee of the Regions, Strategy for Financing the Transition to a Sustainable Economy, COM/2021/390 final
Amendment 183 #
Proposal for a regulation Recital 14 (14) Customer data related to the provision of non-life insurance are essential to enable insurance products and services important to the needs of customer like the protection of homes, vehicles, and other property. At the same time, the collection of such data is
Amendment 184 #
Proposal for a regulation Recital 15 (15) The sharing of data on occupational and personal pension savings
Amendment 185 #
Proposal for a regulation Recital 16 Amendment 186 #
Proposal for a regulation Recital 16 Amendment 187 #
Proposal for a regulation Recital 16 (16) Data which forms part of a creditworthiness assessment of a firm in the scope of this Regulation should consist of information which a firm provides to institutions and creditors as part of the loan application process
Amendment 188 #
Proposal for a regulation Recital 16 a (new) (16 a) Data required to conduct Know- Your-Customer (KYC) processes by financial firms, including small and medium enterprises, can be valuable when onboarding new customers. Therefore, the sharing of such data should significantly contribute to lowering barriers to switching providers and therefore result in increased competition and innovation for financial products and services to the benefit of customers.
Amendment 189 #
Proposal for a regulation Recital 17 (17) As this Regulation is meant to oblige financial institutions to provide access to defined categories of data at the request of the customer when acting as data holders, and allow the sharing of data based on customer permission when financial institutions act as data users, it should provide a list of the financial institutions that may act as either a data holder, a data user or both. Financial institutions should therefore be understood to mean those entities that provide financial products and financial services or offer relevant information services to customers in the financial sector. Data acquired from a third party where the data holder is not the original data holder should not be in the scope of this regulation.
Amendment 190 #
Proposal for a regulation Recital 19 (19) The data use perimeter thus established in this Regulation and in the accompanying
Amendment 191 #
Proposal for a regulation Recital 22 (22) The permission dashboard should display the permissions given by a customer, including when personal data are shared based on consent or are necessary for the performance of a contract. The permission dashboard should warn a customer in a standard way of the risk of possible contractual consequences of the withdrawal of a permission, but
Amendment 192 #
Proposal for a regulation Recital 22 (22) The permission dashboard should display the permissions given by a customer, including when personal data are shared based on consent or are necessary for the performance of a contract. The permission dashboard should warn a customer in a standard way of the risk of possible contractual consequences of the withdrawal of a permission, but the customer should remain responsible for managing such risk. The permission dashboard should be used to manage existing permissions. Data holders should inform data users i
Amendment 193 #
Proposal for a regulation Recital 22 (22) The permission dashboard should display the permissions given by a customer
Amendment 194 #
Proposal for a regulation Recital 22 (22) The permission dashboard should display the permissions given by a customer
Amendment 195 #
Proposal for a regulation Recital 22 (22) The permission dashboard should display the permissions given by a customer, including when personal data are shared based on consent or are necessary for the performance of a contract. The permission dashboard should warn a customer in a standard way of the risk of possible contractual consequences of the withdrawal of a permission, but the customer should remain responsible for managing such risk. The permission dashboard should be used to manage existing permissions. Data holders should inform data users
Amendment 196 #
Proposal for a regulation Recital 23 (23) To ensure proportionality, certain financial institutions are out of the scope of this Regulation for reasons associated with their size or the services they provide, which would make it too difficult to comply with this regulation. These include institutions for occupational retirement provision which operate pension schemes which together do not have more than 15 members in total, as well as insurance intermediaries who are microenterprises or small or medium-sized enterprises. In addition, small or medium-sized enterprises acting as data holders that are within the scope of this Regulation should be allowed to establish an application programming interface jointly, reducing the costs for each of them. They can also avail themselves of external technology providers which run application programming interfaces in a pooled manner for financial institutions and may charge them only a low fixed usage fee and work largely on a pay-per-call basis. Small enterprises should only fall into the scope of this Regulation 12 months after the date of application of this Regulation, due to potentially limited supply and/or high costs of these solutions in the short term.
Amendment 197 #
Proposal for a regulation Recital 23 a (new) (23a) This Regulation sets out a series of requirements, such as the digitisation of data or the provision of data to customers free of charge and in real time, which incur costs for and place burdens on the entities falling under its scope of application. The Commission is therefore urged to conduct an in-depth analysis of the costs to which they give rise so as to ensure that no business is potentially disadvantaged.
Amendment 198 #
Proposal for a regulation Recital 24 (24) This Regulation introduces a new legal obligation on financial institutions, when members of a financial data access scheme are acting as data holders, to
Amendment 199 #
Proposal for a regulation Recital 24 (24) This Regulation introduces a new legal obligation on financial institutions acting as data holders to share defined categories of data at request of the customer in the framework of a financial data sharing scheme. The obligation on data holders to share data at the request of the customer should be specified by making available generally recognised standards to also ensure that the data shared is of a sufficiently high quality. The data holder should make customer data available continuously for the purposes and under the conditions for which the customer has granted permission to a data user. Continuous access could consist of multiple requests to make customer data available to fulfil the service agreed with the customer. It could also consist of a one- off access to customer data. While the data holder is responsible for the interface to be available and for the interface to be of adequate quality, the interface may be provided not only by the data holder but also by another financial institution, an external IT provider, an industry association or a group of financial institutions, or by a public body in a member state. For institutions for occupational retirement provisions, the interface can be integrated into pension dashboards that cover a broader range of information, as long as it complies with the requirements of this Regulation.
Amendment 200 #
Proposal for a regulation Recital 24 a (new) (24a) With a view to ensuring a level playing field and avoiding any competitive disadvantage, entities excluded from the scope of this Regulation shall under no circumstances be obliged to share data collected through their work with data users as defined in this Regulation. This includes, for example, data collected by insurance intermediaries that are SMEs or micro-enterprises for the purposes of either a demands and needs assessment pursuant to Article 20 of Directive (EU) 2016/97 of the European Parliament and Council or an appropriateness and suitability assessment pursuant to Article 30 of said Directive.
Amendment 201 #
Proposal for a regulation Recital 25 (25) In order to enable the contractual and technical interaction necessary for implementing data access between multiple financial institutions, data holders and data users should be required to be part of financial data
Amendment 202 #
Proposal for a regulation Recital 25 (25) In order to enable the contractual and technical interaction necessary for implementing data access between multiple financial institutions, data holders and data users should be required to be part of financial data sharing schemes that can be established either on European or national level. These schemes should develop data and interface standards, joint standardised contractual frameworks governing access to specific datasets, and governance rules related to data sharing. In order to ensure that schemes function effectively, it is necessary to establish general principles for the governance of these schemes, including rules on inclusive governance and participation of data holders, data users and customers (to ensure balanced representation in schemes), transparency requirements, and a well-functioning appeal and review procedure (notably around the decision- making of schemes). Financial data sharing schemes must comply with Union rules in the area of consumer protection and data protection, privacy, and competition. The participants in such schemes are also encouraged to draw up codes of conduct similar to those prepared by controllers and processors under Article 40 of Regulation (EU) 2016/679. While such schemes may build upon existing market initiatives, the requirements set out in this Regulation should be specific to financial data sharing schemes or parts thereof which market participants use to fulfil their obligations under this Regulation after the data of application of these obligations.
Amendment 203 #
Proposal for a regulation Recital 25 (25) In order to enable the contractual and technical interaction necessary for implementing data access between multiple financial institutions, data holders and data users should be required to be part of financial data sharing schemes. These schemes should develop data and interface standards, joint standardised contractual frameworks governing access to specific datasets, and governance rules related to data sharing. In order to ensure that schemes function effectively, it is necessary to establish general principles for the governance of these schemes, including rules on inclusive governance and participation of data holders, data users and customers (to ensure balanced representation in schemes), transparency requirements, and a well-functioning appeal and review procedure (notably around the decision-making of schemes). Financial data sharing schemes must comply with Union rules in the area of consumer protection and data protection, privacy, and competition. The participants in such schemes are also encouraged to draw up codes of conduct
Amendment 204 #
Proposal for a regulation Recital 25 (25) In order to enable the contractual and technical interaction necessary for implementing data access between multiple financial institutions, data holders and data users
Amendment 205 #
Proposal for a regulation Recital 26 b (new) (26 b) In the setting up of financial data access schemes, all parties to the schemes should be involved. Competent authorities on both the European and national level should also be available for consultation by those setting up the schemes, and be ready to offer advice on best practice and examples of other schemes set up during the period running up to the application of this regulation.
Amendment 206 #
Proposal for a regulation Recital 27 Amendment 207 #
Proposal for a regulation Recital 28 (28) Data holders and data users should be allowed to use existing market standards and infrastructures for technical interfaces like application programming interfaces when developing common standards for mandatory data
Amendment 208 #
Proposal for a regulation Recital 28 (28) Data holders and data users should be allowed to use existing market standards and infrastructures for technical interfaces like application programming interfaces when developing common standards for mandatory data
Amendment 209 #
Proposal for a regulation Recital 31 (31) To promote consumer protection, enhance customer trust and ensure a level playing field, it is necessary to lay down rules on who is eligible to access customers’ data. Such rules should ensure that all data users are authorised and supervised by competent authorities. This would ensure that data can be accessed only by regulated financial institutions or by firms subject to a dedicated authorisation as financial information service providers’ (‘FISPs’) which is subject to this Regulation. Eligibility rules on FISPs, are needed to safeguard financial stability, market integrity and consumer protection, as FISPs would
Amendment 210 #
Proposal for a regulation Recital 31 (31) To promote consumer protection, enhance customer trust and ensure a level playing field, it is necessary to lay down rules on who is eligible to access customers’ data. Such rules should ensure that all data users are authorised and supervised by competent authorities. This would ensure that data can be accessed only by regulated financial institutions or by firms subject to a dedicated authorisation as financial information service providers’ (‘FISPs’) which is subject to this Regulation. Eligibility rules on FISPs, are needed to safeguard financial stability, market integrity and consumer protection, as FISPs would provide financial
Amendment 211 #
Proposal for a regulation Recital 31 (31) To promote consumer protection, enhance customer trust and ensure a level playing field, it is necessary to lay down rules on who is eligible to access customers’ data. Such rules should ensure that all data users are authorised and supervised by competent authorities. This would ensure that data can be accessed only by regulated financial institutions or by firms subject to a dedicated authorisation as financial information service providers’ (‘FISPs’) which is subject to this Regulation. Eligibility rules on FISPs, are needed to safeguard financial stability, market integrity and consumer protection, as FISPs would provide financial
Amendment 212 #
Proposal for a regulation Recital 31 (31) To promote consumer protection, enhance customer trust and ensure a level playing field, it is necessary to lay down rules on who is eligible to access customers’ data. Such rules should ensure that all data users are authorised and supervised by competent authorities. This would ensure that data can be accessed only by regulated financial institutions or by firms subject to a dedicated authorisation as financial information service providers’ (‘FISPs’) which is subject to this Regulation. Eligibility rules on FISPs, are needed to safeguard financial stability, market integrity and consumer protection, as FISPs would provide financial
Amendment 213 #
Proposal for a regulation Recital 31 a (new) (31a) Providers of financial information services as defined in this Regulation shall be data users authorised to provide financial information services. Financial information services shall be services provided with the aim of imparting information to customers on financial products falling within the scope of the Regulation. Financial information services may consist, for instance, in analytical, comparative and aggregation activities. The providers of such services shall in no event be authorised to conduct, for example, activities regulated by existing sector-specific financial legislation. These activities shall be carried out by entities regulated by the relevant sector-specific legislation. As such, these providers shall not be authorised, for example, to provide financial advice or to carry out insurance distribution activities regulated under Directive (EU) 2016/97 or Directive 2014/65/EU.
Amendment 214 #
Proposal for a regulation Recital 33 (33) In order to enable effective supervision and to eliminate the possibility of evading or circumventing supervision, financial information service providers must be either legally incorporated in the Union or in case they are incorporated in a third country appoint a legal representative in the Union. An effective supervision by the competent authorities is necessary for the enforcement of requirements under this Regulation to ensure integrity and stability of the financial system and to protect consumers.
Amendment 215 #
Proposal for a regulation Recital 33 (33) In order to enable effective supervision and to eliminate the possibility of evading or circumventing supervision, financial information service providers must
Amendment 216 #
Proposal for a regulation Recital 33 (33) In order to enable effective supervision and to eliminate the possibility of evading or circumventing supervision, financial information service providers must
Amendment 217 #
Proposal for a regulation Recital 33 (33) In order to enable effective supervision and to eliminate the possibility of evading or circumventing supervision, financial information service providers must
Amendment 218 #
Proposal for a regulation Recital 34 (34) A financial information service provider should be authorised in the jurisdiction of the Member State where its main establishment is located, that is, where the financial information service provider intends to carry out substantive business activities and where it has its head office or registered office within which the principal functions and operational control are exercised.
Amendment 219 #
Proposal for a regulation Recital 34 (34) A financial information service provider should be authorised in the jurisdiction of the Member State where its main establishment is located, that is, where the financial information service provider intends to carry out substantive business activities and where it has its head office or registered office within which the principal functions and operational control are exercised.
Amendment 220 #
Proposal for a regulation Recital 48 (48) Regulation (EU) 2016/679 applies when personal data are processed. It provides for the rights of a data subject, including the right of access and right to port personal data. This Regulation is without prejudice to the rights of a data subject provided under Regulation (EU) 2016/679, including the right of access and right to data portability. This Regulation creates a legal obligation to share customer personal and non-personal data upon customer’s request and mandates the technical feasibility of access and sharing for all types of data within the scope of this Regulation. The granting of permission by a customer is without prejudice to the obligations of data users under Article 6
Amendment 221 #
Proposal for a regulation Recital 48 (48)
Amendment 222 #
Proposal for a regulation Recital 48 (48)
Amendment 223 #
Proposal for a regulation Recital 48 (48)
Amendment 224 #
Proposal for a regulation Recital 48 (48) Regulation (EU) 2016/679 applies when personal data are processed. It provides for the rights of a data subject, including the right of access and right to port personal data. This Regulation is without prejudice to the rights of a data subject provided under Regulation (EU) 2016/679, including the right of access and right to data portability. This Regulation creates a legal obligation to share customer personal and non-personal data upon customer’s request and mandates the technical feasibility of access and sharing for all types of data within the scope of this Regulation. The granting of permission by a customer is without prejudice to the obligations of data users under Article 6 of Regulation (EU) 2016/679. Permission under this Regulation should not be inferred as ‘consent’ or ‘explicit consent’ or ‘necessity for the performance of a contract’ as defined in Regulation (EU) 2016/679 and should be in alignment with the Directive (EU) 2015/2366 and the Commission Delegated Regulation (EU) 2018/389. Personal data that are made available and shared with a data user should only be processed for services provided by a data user where there is a valid legal basis under Article 6(1) of Regulation (EU) 2016/679 and, when applicable, where the requirements of Article 9 of that Regulation on the processing of special categories of data are met.
Amendment 225 #
Proposal for a regulation Article 1 – paragraph 2 a (new) This Regulation is without prejudice to Regulation (EU) 2016/679, Regulation (EU) 2018/1725, Directive 2002/58/EC, Directive (EU) 2019/2161, Directive 93/13/EEC, and Directive 2011/83. In the event of a conflict between this Regulation and Union law on the protection of personal data or privacy, or national legislation adopted in accordance with such Union law, the relevant Union or national law on the protection of personal data or privacy shall prevail.
Amendment 226 #
Proposal for a regulation Article 1 – paragraph 2 b (new) This Regulation is without prejudice to Directive (EU) 2023/2225, Directive 2014/17/EU, Directive 2014/65/EU and Directive (EU) 2016/97.
Amendment 227 #
Proposal for a regulation Article 1 – paragraph 2 c (new) This Regulation shall not affect the right of a customer to receive financial services and/or products without any additional costs from providers listed in article 2(2), shall they not avail themselves to the permission dashboard of article 8, or otherwise enable financial data sharing under the proposal. For the purposes of the implementation of this paragraph, the burden of proof shall lie with the data user.
Amendment 228 #
Proposal for a regulation Article 2 – paragraph 1 – introductory part 1. This Regulation applies to the following categories of basic customer data
Amendment 229 #
Proposal for a regulation Article 2 – paragraph 1 – point a (a) mortgage credit agreements
Amendment 230 #
Proposal for a regulation Article 2 – paragraph 1 – point a (a) mortgage credit agreements
Amendment 231 #
Proposal for a regulation Article 2 – paragraph 1 – point a (a) mortgage credit agreements,
Amendment 232 #
Proposal for a regulation Article 2 – paragraph 1 – point b (b) savings, investments in financial instruments,
Amendment 233 #
Proposal for a regulation Article 2 – paragraph 1 – point b (b) savings, investments in financial instruments, insurance-based investment products, crypto-assets, real estate and other related financial assets as well as the economic benefits derived from such assets;
Amendment 234 #
Proposal for a regulation Article 2 – paragraph 1 – point b (b) savings, investments in financial instruments, insurance-based investment products, crypto-assets, real estate and other related financial assets as well as the economic benefits derived from such assets;
Amendment 235 #
Proposal for a regulation Article 2 – paragraph 1 – point b (b) savings
Amendment 236 #
Proposal for a regulation Article 2 – paragraph 1 – point b (b) savings
Amendment 237 #
Proposal for a regulation Article 2 – paragraph 1 – point b (b) savings, investments in financial instruments, insurance-based investment products, crypto-assets, real estate and other related financial assets as well as the economic benefits derived from such assets; including data collected for the purposes of carrying out an assessment of suitability and appropriateness in accordance with Article 25 of Directive 2014/65/EU of the European Parliament and of the Council32
Amendment 238 #
Proposal for a regulation Article 2 – paragraph 1 – point b (b) savings, investments in financial instruments, insurance-based investment products, crypto-assets, real estate and other related financial assets as well as the economic benefits derived from such assets; including data collected for the purposes of carrying out an assessment of suitability and appropriateness in accordance with Article 25 of Directive 2014/65/EU of the European Parliament and of the Council32 and with Article 30 of Directive (EU) 2016/97 ;
Amendment 239 #
Proposal for a regulation Article 2 – paragraph 1 – point c Amendment 240 #
Proposal for a regulation Article 2 – paragraph 1 – point c (c) pension rights in occupational pension schemes, in accordance with Directive 2009/138/EC and Directive (EU) 2016/2341 of the European Parliament and of the Council33
Amendment 241 #
Proposal for a regulation Article 2 – paragraph 1 – point c (c) pension rights in occupational pension schemes, in accordance with Directive 2009/138/EC and Directive (EU) 2016/2341 of the European Parliament and of the Council33 , insofar as they are accessible to all interested consumers;
Amendment 242 #
Proposal for a regulation Article 2 – paragraph 1 – point c (c) pension rights in occupational pension schemes, in accordance with Directive 2009/138/EC and Directive (EU) 2016/2341 of the European Parliament and of the Council33 , that are accessible for all interested consumers;
Amendment 243 #
Proposal for a regulation Article 2 – paragraph 1 – point d Amendment 244 #
Proposal for a regulation Article 2 – paragraph 1 – point e Amendment 245 #
Proposal for a regulation Article 2 – paragraph 1 – point e Amendment 246 #
Proposal for a regulation Article 2 – paragraph 1 – point e Amendment 247 #
Proposal for a regulation Article 2 – paragraph 1 – point e Amendment 248 #
Proposal for a regulation Article 2 – paragraph 1 – point e (e) non-life insurance products in accordance with Directive 2009/138/EC, with the exception of sickness and health insurance products; including data collected for the purposes of a demands and needs assessment in accordance with Article 20 of Directive (EU) 2016/97 of the
Amendment 249 #
Proposal for a regulation Article 2 – paragraph 1 – point e (e) non-life insurance products in accordance with Directive 2009/138/EC, with the exception of sickness and health insurance products; and other insurance products involving health data, such as accident insurance, disability insurance, long-term care insurance;including data collected for the purposes of a demands and needs assessment in accordance with Article 20 of Directive (EU) 2016/97 of the European Parliament and Council34 , and data collected for the purposes of an appropriateness and suitability assessment in accordance with Article 30 of Directive (EU) 2016/97.
Amendment 250 #
Proposal for a regulation Article 2 – paragraph 1 – point f Amendment 251 #
Proposal for a regulation Article 2 – paragraph 1 – point f Amendment 252 #
Proposal for a regulation Article 2 – paragraph 1 – point f Amendment 253 #
Proposal for a regulation Article 2 – paragraph 1 – point f (f) data which forms part of a creditworthiness assessment of a firm which is collected as part of a loan application process
Amendment 254 #
Proposal for a regulation Article 2 – paragraph 1 – point f (f) data which forms part of a creditworthiness assessment of a firm which is collected as part of a loan application process or a request for a credit rating. Data collected as part of a creditworthiness assessment of consumers shall be excluded.
Amendment 255 #
Proposal for a regulation Article 2 – paragraph 1 – point f (f) data which forms part of a creditworthiness assessment of a firm which is collected as part of a
Amendment 256 #
Proposal for a regulation Article 2 – paragraph 1 – point f a (new) (f a) non-sensitive categories of data used by data holders to meet Know-Your- Customer (KYC) requirements for business customers.
Amendment 257 #
Proposal for a regulation Article 2 – paragraph 1 – point f a (new) (fa) (e) vehicle insurance services;
Amendment 258 #
Proposal for a regulation Article 2 – paragraph 2 – point b (b) payment institutions, including account information service providers
Amendment 259 #
Proposal for a regulation Article 2 – paragraph 2 – point b (b) payment institutions, including
Amendment 260 #
Proposal for a regulation Article 2 – paragraph 2 – point c (c) electronic money institutions
Amendment 261 #
Proposal for a regulation Article 2 – paragraph 2 – point i (i) insurances that are accessible for all interested consumers and reinsurance undertakings;
Amendment 262 #
Proposal for a regulation Article 2 – paragraph 2 – point j (j) insurance intermediaries
Amendment 263 #
Proposal for a regulation Article 2 – paragraph 2 – point k (k) institutions for occupational retirement provision (IORP), excluding small IORP as referred to in Article 5 of Directive (EU) 2016/2341;
Amendment 264 #
Proposal for a regulation Article 2 – paragraph 2 – point k (k) institutions for occupational retirement provision, insofar as they are accessible to all interested consumers;
Amendment 265 #
Proposal for a regulation Article 2 – paragraph 2 – point k (k) institutions for occupational retirement provision that are accessible for all interested consumers;
Amendment 266 #
Proposal for a regulation Article 2 – paragraph 2 – point l Amendment 267 #
Proposal for a regulation Article 2 – paragraph 2 – point l Amendment 268 #
Proposal for a regulation Article 2 – paragraph 2 – point m (m) crowdfunding service providers, which are not microenterprises or small or medium sized enterprises;
Amendment 269 #
Proposal for a regulation Article 2 – paragraph 2 – point o (o) financial information service providers;
Amendment 270 #
Proposal for a regulation Article 2 – paragraph 2 – point o a (new) (o a) operators of payment schemes
Amendment 271 #
Proposal for a regulation Article 2 – paragraph 3 3. This Regulation shall not apply to the entities referred to in Article 2(3), points (a) to (e), of Regulation (EU) 2022/2554. Any undertaking designated as a gatekeeper, pursuant to Article 3 of Regulation (EU) 2022/1925, shall not be an eligible data user for the purposes of this Regulation. .
Amendment 272 #
Proposal for a regulation Article 2 – paragraph 3 3. This Regulation shall not apply to the entities referred to in Article 2(3), points (a) to (e), of Regulation (EU) 2022/2554. Any undertaking designated as a gatekeeper, pursuant to Article 3 of Regulation (EU) 2022/1925, shall not be an eligible data user for the purposes of this Regulation.
Amendment 273 #
Proposal for a regulation Article 2 – paragraph 3 3. This Regulation shall apply to small enterprises as defined in Recommendation 2003/361/EC by [OP please insert the date 12 months after the date of application of this Regulation], and shall not apply to the entities referred to in Article 2(3), points (a) to (e), of Regulation (EU) 2022/2554.
Amendment 274 #
Proposal for a regulation Article 2 – paragraph 3 3. This Regulation shall not apply to the entities referred to in Article 2(3), points (a) to (e), of Regulation (EU) 2022/2554 and to Article 2(5) points (4) to (23), [insert reference to CRD VI once published to the Official Journal of the European Union].
Amendment 275 #
Proposal for a regulation Article 2 – paragraph 3 a (new) 3a. By way of exemption from paragraph 3, this Regulation shall apply to the entities referred to in Article 2(3)(e) of Regulation (EU) 2022/2554 if they so wish, provided that they prove their compliance with the relevant provisions of Regulation (EU) 2022/2554.
Amendment 276 #
Proposal for a regulation Article 2 – paragraph 3 a (new) 3 a. By way of derogation from paragraph 3, this Regulation shall apply to entities referred to in Article 2(3), point (e) of Regulation (EU) 2022/2554 to the condition that these entities prove they comply with the proportionate provisions established for microenterprises laid down down in in the the Regulation (EU) 2022/2554.
Amendment 277 #
Proposal for a regulation Article 2 – paragraph 3 a (new) 3 a. This regulation shall not apply to SMEs, but there shall be an option for SMEs to opt-in to the provisions of the regulation;
Amendment 278 #
Proposal for a regulation Article 2 – paragraph 3 a (new) 3 a. 3a. This Regulation shall not apply to special categories of data referred to in Article 9(1) of Regulation (EU) 2016/679.
Amendment 279 #
Proposal for a regulation Article 2 – paragraph 3 a (new) 3 a. This Regulation shall not apply to data referred in article 9 of Regulation (EU) 2016/679 (General Data Protection Regulation).
Amendment 280 #
Proposal for a regulation Article 2 – paragraph 3 a (new) 3 a. This Regulation does not apply to special categories of data referred to in Article 9(1) of Regulation (EU) 2016/679.
Amendment 281 #
Proposal for a regulation Article 2 – paragraph 3 b (new) 3b. This Regulation shall apply to the credit intermediaries referred to in Article 4(5) of Directive 2014/17/EU if they so wish, provided that they prove their compliance with the relevant provisions of Regulation (EU) 2022/2554.
Amendment 282 #
Proposal for a regulation Article 2 – paragraph 3 b (new) 3 b. This regulation shall not apply to collectively concluded products such as products resulted from social partners bargaining, trade unions or products procured by non-profit organisations on behalf of their members.
Amendment 283 #
Proposal for a regulation Article 2 – paragraph 3 c (new) 3c. Small and non-interconnected investment firms as defined in Article 12 of Regulation (EU) 2019/2033 shall fall outside the scope of this Regulation.
Amendment 284 #
Proposal for a regulation Article 2 – paragraph 4 a (new) 4 a. This Regulation is without prejudice to Union law and national law on the protection of personal data, privacy and confidentiality of communications and integrity of terminal equipment, which shall apply to personal data processed in connection with the rights and obligations laid down herein, in particular Regulations (EU) 2016/679 and (EU) 2018/1725 and Directive 2002/58/EC, including the powers and competences of supervisory authorities and the rights of data subjects. Insofar as users are data subjects, the rights laid down in Chapter II of this Regulation shall complement the rights of access by data subjects and rights to data portability under Articles 15 and 20 of Regulation (EU) 2016/679. In the event of a conflict between this Regulation and Union law on the protection of personal data or privacy, or national legislation adopted in accordance with such Union law, the relevant Union or national law on the protection of personal data or privacy shall prevail.
Amendment 285 #
Proposal for a regulation Article 2 – paragraph 4 a (new) 4 a. Only financially relevant information and data from the categories mentioned above shall be processed for the purposes of this Regulation. Special categories of data, under article 9(1) of Regulation (EU) 2016/679 shall not be processed for the purposes of this Regulation, unless it is strictly necessary to fulfil the service requested by the customer. Data that has been derived or inferred from data provided by a customer as a result of profiling shall not be processed for the categories of this Regulation. For the purposes of the implementation of this paragraph the burden of proof shall lie with the data user.
Amendment 286 #
Proposal for a regulation Article 2 – paragraph 4 a (new) 4 a. Customer data referred to in paragraph 1, do not include: - sensitive data regarding a person's race or ethnicity, political opinions, religious or philosophical beliefs or union memberships, as well as genetic information and information about health and sexual orientation/practices - proprietary data that the financial institution has generated, analysed or enriched, including trade secrets and business-sensitive information.
Amendment 287 #
Proposal for a regulation Article 2 – paragraph 4 a (new) 4 a. Customer data referred to in paragraph 1, do not include: - sensitive data regarding a person's race or ethnicity, political opinions, religious or philosophical beliefs or union memberships, as well as genetic information and information about health and sexual orientation/practices; - proprietary data that the financial institution has generated, analysed or enriched, including trade secrets and business-sensitive information.
Amendment 288 #
Proposal for a regulation Article 2 – paragraph 4 a (new) 4 a. With reference to other provisions on data access, responsible data use and permission dashboards and financial data sharing schemes, the European Commission may consider, where appropriate, the development of sector- specific use cases by way of delegated or implementing acts.
Amendment 289 #
Proposal for a regulation Article 2 – paragraph 4 a (new) 4 a. This Regulation does not apply to trade secrets, business-sensitive information or proprietary data that the financial institution has generated or enriched.
Amendment 290 #
Proposal for a regulation Article 2 – paragraph 4 b (new) 4 b. This Regulation shall apply to contracts that have been entered into force from the date of application of the present Regulation onwards.
Amendment 291 #
Proposal for a regulation Article 2 – paragraph 4 b (new) 4 b. This Regulation shall apply to contracts that have been entered into force from the date of application of the present Regulation onwards.
Amendment 292 #
Proposal for a regulation Article 2 – paragraph 4 b (new) 4 b. This Regulation applies to data held by retail customers only and does not apply to the sharing of data of commercial customers.
Amendment 293 #
Proposal for a regulation Article 2 – paragraph 4 b (new) 4 b. The development of new or amended use cases shall take place in line with Article 30 of this Regulation.
Amendment 294 #
Proposal for a regulation Article 3 – paragraph 1 – point 1 (1) ‘consumer’ means a natural person who is acting for purposes other than his or her trade, business or profession, or a current ‘member’ or ‘beneficiary’ of the institution for occupational retirement provisions (IORP), as defined in Article 6 of the IORP II Directive’;
Amendment 295 #
Proposal for a regulation Article 3 – paragraph 1 – point 2 (2) ‘customer’ means a natural or a
Amendment 296 #
Proposal for a regulation Article 3 – paragraph 1 – point 2 (2) ‘customer’ means a natural or a legal person who makes use of financial products and services and who is the contractual partner of a financial institution (in its role as a data user) and can him- or herself choose the product and its provider;
Amendment 297 #
Proposal for a regulation Article 3 – paragraph 1 – point 2 (2) ‘customer’ means a natural
Amendment 298 #
Proposal for a regulation Article 3 – paragraph 1 – point 2 (2) ‘customer’ means a natural
Amendment 299 #
Proposal for a regulation Article 3 – paragraph 1 – point 2 (2) ‘customer’ means a natural
Amendment 300 #
Proposal for a regulation Article 3 – paragraph 1 – point 2 (2) ‘customer’ means a natural
Amendment 301 #
Proposal for a regulation Article 3 – paragraph 1 – point 3 (3) ‘customer data’ means personal and non-personal data, provided by the customer (directly or observed) that is collected, stored
Amendment 302 #
Proposal for a regulation Article 3 – paragraph 1 – point 3 (3) ‘customer data’ means personal and non-personal data that is collected, stored and otherwise processed by a financial institution or a financial information service provider as part of their normal course of business with customers which covers both data provided by a customer and raw data generated as a result of customer interaction with the financial institution or a financial information service provider. Data generated by the financial institution or a financial information service provider, even if such data are obtained by processing data provided directly by the customer, should not, in any case, be considered as customer data;
Amendment 303 #
Proposal for a regulation Article 3 – paragraph 1 – point 3 (3) ‘customer data’ means personal and non-personal data, related to the customer that is collected, stored and otherwise processed by a financial institution
Amendment 304 #
Proposal for a regulation Article 3 – paragraph 1 – point 3 (3) ‘customer data’ means personal and non-personal data
Amendment 305 #
Proposal for a regulation Article 3 – paragraph 1 – point 3 (3) ‘customer data’ means personal and non-personal data that is collected, stored and otherwise processed by a financial institution as part of their normal course of business with customers which covers both data provided by a customer and data generated as a result of customer interaction with the financial institution and shall exclude data created as a result of profiling as per Article 4(4) of Regulation (EU) 2016/679;
Amendment 306 #
Proposal for a regulation Article 3 – paragraph 1 – point 3 (3) ‘customer data’ means personal and non-personal data that is collected, stored and otherwise processed by a financial institution as part of their normal course of business with customers which covers both data provided by a customer and data generated as a result of customer interaction with the financial institution, excluding sensitive data and proprietary data as referred in Article 2, par. 5;
Amendment 307 #
Proposal for a regulation Article 3 – paragraph 1 – point 3 (3) ‘customer data’ means personal and non-personal data that is collected, stored and otherwise processed by a financial institution as part of their normal course of business with customers which covers both data provided by a customer and data generated as a result of customer interaction with the financial institution excluding sensitive data and proprietary data as referred in Article 2, par. 5;
Amendment 308 #
Proposal for a regulation Article 3 – paragraph 1 – point 3 (3) ‘customer data’ means personal and non-personal data, excluding data resulting from profiling activities, that is collected, stored and otherwise processed by a financial institution as part of their normal course of business with customers which covers both data provided by a customer and data generated as a result of customer interaction with the financial institution;
Amendment 309 #
Proposal for a regulation Article 3 – paragraph 1 – point 3 (3) ‘customer data’ means personal and non-personal data that is collected, stored and otherwise processed by a financial institution as part of their normal course of business with customers which are available to the customer, and covers both data provided by a customer and data generated as a result of customer interaction with the financial institution;
Amendment 310 #
Proposal for a regulation Article 3 – paragraph 1 – point 3 (3) ‘customer data’ means basic personal and non-personal data that is collected, stored and otherwise processed by a financial institution as part of their normal course of business with customers which covers
Amendment 311 #
Proposal for a regulation Article 3 – paragraph 1 – point 4 a (new) (4 a) ‘credit agreement’ means credit agreement as defined in Article 3 point (4) of Directive 2021/2167;
Amendment 312 #
Proposal for a regulation Article 3 – paragraph 1 – point 5 (5) ‘data holder’ means a financial institution
Amendment 313 #
Proposal for a regulation Article 3 – paragraph 1 – point 5 (5) ‘data holder’ means a financial institution o
Amendment 314 #
Proposal for a regulation Article 3 – paragraph 1 – point 5 (5) ‘data holder’ means a financial institution o
Amendment 315 #
Proposal for a regulation Article 3 – paragraph 1 – point 5 (5) ‘data holder’ means a financial institution other than an account information service provider that collects
Amendment 316 #
Proposal for a regulation Article 3 – paragraph 1 – point 5 (5) ‘data holder’ means a financial institution o
Amendment 317 #
Proposal for a regulation Article 3 – paragraph 1 – point 6 a (new) (6 a) ‘financial information service‘ means the online service of collecting, consolidating, storing and processing customer data to entities listed by Article 2 (2) and authorized to provide financial services and offer financial products to the customers;
Amendment 318 #
Proposal for a regulation Article 3 – paragraph 1 – point 6 a (new) (6 a) “financial information services” means the online services of collecting, consolidating, storing and processing customer data in order to provide a financial service to customers;
Amendment 319 #
Proposal for a regulation Article 3 – paragraph 1 – point 6 a (new) (6 a) 'financial information service' means the online service of collecting, consolidating, and enabling the comparison of customer data held by one or several data holders;
Amendment 320 #
Proposal for a regulation Article 3 – paragraph 1 – point 6 a (new) (6 a) ‘financial information service’ means an online service of collecting or consolidating customer and storing data held by one or several data holders;
Amendment 321 #
Proposal for a regulation Article 3 – paragraph 1 – point 6 b (new) (6 b) "financial service" means any service of a banking, credit, insurance, personal pension, investment or payment nature;
Amendment 322 #
Proposal for a regulation Article 3 – paragraph 1 – point 7 (7)
Amendment 323 #
Proposal for a regulation Article 3 – paragraph 1 – point 7 (7) ‘financial information service provider’ means a data user that is authorised under Article 14 to access the customer data listed in Article 2(1) for the provision of financial information services and within the scope of Article 2(3);
Amendment 324 #
Proposal for a regulation Article 3 – paragraph 1 – point 7 (7) ‘financial information service provider’ means a data user or a data holder that is authorised under Article 14 to access the customer data listed in Article 2(1) for the p
Amendment 325 #
Proposal for a regulation Article 3 – paragraph 1 – point 7 (7) ‘financial information service provider’ means a data user or a data holder that is authorised under Article 14 to access the customer data listed in Article 2(1) for the provision of financial information services;
Amendment 326 #
Proposal for a regulation Article 3 – paragraph 1 – point 7 a (new) (7a) 'Financial information services' shall mean services aimed at providing customers with information on the financial products set out in Article 2(1) of this Regulation. Financial information services shall not include the provision of services regulated under existing sector- specific financial legislation and reserved for regulated financial institutions. Financial information services shall not include financial advice or insurance distribution services regulated by Directive (EU) 2016/97 or Directive 2014/65/EU;
Amendment 327 #
Proposal for a regulation Article 3 – paragraph 1 – point 7 a (new) (7 a) ‘financial information service’ means an online service providing consolidated information on one or more financial services products listed under Article 2(1) of this Regulation with a view to providing a customer with an overall view of their financial situation immediately at any given moment;
Amendment 328 #
Proposal for a regulation Article 3 – paragraph 1 – point 7 a (new) (7 a) ‘financial information service’ means an online service providing consolidated information on one or more financial services products listed under Article 2(1) of this Regulation with a view to providing a customer with an overall view of their financial situation immediately at any given moment;
Amendment 329 #
Proposal for a regulation Article 3 – paragraph 1 – point 7 a (new) (7 a) "financial information services” means an online service to provide consolidated information on one or more categories of customer financial data listed in Article 2(1);
Amendment 330 #
Proposal for a regulation Article 3 – paragraph 1 – point 9 Amendment 331 #
Proposal for a regulation Article 3 – paragraph 1 – point 9 Amendment 332 #
Proposal for a regulation Article 3 – paragraph 1 – point 9 (9) ‘investment account’ means any register managed by an investment firm, credit institution or an insurance broker about the current holdings in financial instruments or insurance-based investment products of their client, including past transactions
Amendment 333 #
Proposal for a regulation Article 3 – paragraph 1 – point 9 (9) ‘investment account’ means any register managed by an investment firm, credit institution or an insurance
Amendment 334 #
Proposal for a regulation Article 3 – paragraph 1 – point 19 Amendment 335 #
Proposal for a regulation Article 3 – paragraph 1 – point 27 Amendment 336 #
Proposal for a regulation Article 3 – paragraph 1 – point 27 Amendment 337 #
Proposal for a regulation Article 3 – paragraph 1 – point 29 Amendment 338 #
Proposal for a regulation Article 3 – paragraph 1 – point 29 Amendment 339 #
Proposal for a regulation Article 3 – paragraph 1 – point 29 Amendment 340 #
Proposal for a regulation Article 3 – paragraph 1 – point 29 a (new) (29 a) ‘permission’ means the clear and unambiguous authorisation to a data user to access customer data, provided by customers themselves through a permission dashboard, based on which a data holder is required to make the requested data available for the specified purpose. For the purposes of this Regulation, the criteria of article 4(11) and the conditions in Article 7 of Regulation (EU) 679/2016 shall apply to permissions as well;
Amendment 341 #
Proposal for a regulation Article 3 – paragraph 1 – point 29 a (new) (29 a) 'Small and Medium sized Enterprises' or SMEs, means an SME as defined in point (13) of Article 4(1) of Directive 2014/65/EU;
Amendment 342 #
Proposal for a regulation Article 4 – paragraph 1 The data holder shall, upon request from a customer submitted
Amendment 343 #
Proposal for a regulation Article 4 – paragraph 1 The data holder shall, upon request from a customer
Amendment 344 #
Proposal for a regulation Article 4 – paragraph 1 The data holder shall, upon request from a customer submitted by electronic means, make the data listed in Article 2(1) available to the customer without undue delay, free of charge, continuously and in real-time, where appropriate in the circumstances.
Amendment 345 #
Proposal for a regulation Article 4 – paragraph 1 The data holder shall, upon request from a customer submitted by electronic means or in an analogue format, make the data listed in Article 2(1) available to the customer without undue delay, free of charge, continuously and in real-time.
Amendment 346 #
Proposal for a regulation Article 4 – paragraph 1 The data holder shall, upon request from a customer submitted by electronic means, make the data listed in Article 2(1) available to the customer without undue delay, free of charge, continuously and in
Amendment 347 #
Proposal for a regulation Article 5 – paragraph 1 1. The data holder shall, upon request from a customer to do so submitted
Amendment 348 #
Proposal for a regulation Article 5 – paragraph 1 1. The data holder shall, upon explicit request from a customer submitted by electronic means, make available to a data user the customer data listed in Article 2(1) for the purposes for which the customer has granted permission to the data user. Any request from a customer shall state explicitly the specific service for the purpose of which the customer consents to the use of his data by the data user. The customer data shall be made available to the data user without undue delay, continuously and in real-time.
Amendment 349 #
Proposal for a regulation Article 5 – paragraph 1 1. The data holder shall, upon explicit request from a customer
Amendment 350 #
Proposal for a regulation Article 5 – paragraph 1 1. The data holder shall, upon request from a customer submitted by electronic means, make available to a data user the customer data listed in Article 2(1) for the purposes for which the customer has granted permission to the data user and insofar as the data user demonstrates a valid legal basis under article 6(1)(a) or (b) of Regulation (EU) 2016/679. The customer data shall be made available to the data user without undue delay, continuously and in real-time.
Amendment 351 #
Proposal for a regulation Article 5 – paragraph 1 1. The data holder shall, upon request from a customer submitted by electronic means, make available to a data user that is member of a financial data-sharing scheme the customer data listed in Article 2(1) for the purposes for which the customer has granted permission to the data user. The customer data shall be made available to the data user without undue delay, continuously and in real-time.
Amendment 352 #
Proposal for a regulation Article 5 – paragraph 1 1. The data holder shall, upon request from a customer submitted by electronic means, make available to a data user the customer data listed in Article 2(1) for the purposes for which the customer has granted permission to the data user. The customer data shall be made available to the data user without undue delay, continuously and in real-time, where appropriate in the circumstances.
Amendment 353 #
Proposal for a regulation Article 5 – paragraph 1 1. The data holder shall, upon explicit request from a customer submitted by electronic means, make available to a data user the customer data listed in Article 2(1) for the purposes for which the customer has granted permission to the data user. The customer data shall be made available to the data user without undue delay, continuously and in real-time.
Amendment 354 #
Proposal for a regulation Article 5 – paragraph 1 a (new) 1 a. Any undertaking designated as a gatekeeper, pursuant to Article 3 of Regulation (EU) 2022/1925, shall not be an eligible data user under this Regulation.
Amendment 355 #
Proposal for a regulation Article 5 – paragraph 1 a (new) 1 a. Any undertaking designated as a gatekeeper, pursuant to Article 3 of Regulation (EU) 2022/1925, shall not be an eligible data user under this Regulation.
Amendment 356 #
Proposal for a regulation Article 5 – paragraph 1 a (new) 1 a. Any undertaking designated as a gatekeeper, pursuant to Article 3 of Regulation (EU) 2022/1925, shall not be an eligible data user under this Regulation.
Amendment 357 #
Proposal for a regulation Article 5 – paragraph 2 2. A data holder may claim compensation from a data user for making customer data available pursuant to paragraph 1 only if the customer data is made available to a data user in accordance with the rules and modalities of a financial data sharing scheme, as provided in Articles 9 and 10, or if it is made available pursuant to Article 11. This Regulation is without prejudice to accessing, sharing and using data on a purely contractual basis without making use of the data access obligations established by this Regulation.
Amendment 358 #
Proposal for a regulation Article 5 – paragraph 2 2. A data holder may claim compensation from a data user for making customer data available pursuant to paragraph 1 only if the customer data is made available to a data user in accordance with the rules and modalities of a financial data sharing scheme, as provided in Articles 9 and 10, or if it is made available pursuant to Article 11. This Regulation is without prejudice to accessing, sharing and using data on a purely contractual basis without making use of the data access obligations established by this Regulation.
Amendment 359 #
Proposal for a regulation Article 5 – paragraph 2 2. A data holder may claim compensation from a data user for making customer data available pursuant to paragraph 1 only if the customer data is made available to a data user in accordance with the rules and modalities of a financial data sharing scheme, as provided in Articles 9 and 10, or if it is made available pursuant to Article 11. This is without prejudice to accessing, sharing and using data on a purely contractual basis without making use of the data-access obligations established by this Regulation.
Amendment 360 #
Proposal for a regulation Article 5 – paragraph 2 2. A data holder may claim compensation from a data user for making customer data available pursuant to paragraph 1 only if the customer data is made available to a data user in accordance with the rules and modalities of a financial data sharing scheme, as provided in Articles 9 and 10, or if it is made available pursuant to Article 11. This is without prejudice to accessing, sharing and using data on a purely contractual basis without making use of the data-access obligations established by this Regulation.
Amendment 361 #
Proposal for a regulation Article 5 – paragraph 3 – point c (c) request data users to demonstrate that they have a valid legal basis under article 6(1)(a) or (b) of Regulation (EU) 2016/679 and obtained the permission of the customer to access the customer data held by the data holder;
Amendment 362 #
Proposal for a regulation Article 5 – paragraph 3 – point e Amendment 363 #
Proposal for a regulation Article 5 – paragraph 3 a (new) 3 a. Any undertaking designated as a gatekeeper, pursuant to Article 3 of Regulation (EU) 2022/1925 on contestable and fair markets in the digital sector (Digital Markets Act), shall not be an eligible third party under this Regulation and the data holder shall not therefore grant access to customer data to such entities.
Amendment 364 #
Proposal for a regulation Article 5 a (new) Article5a Customer permission 1. Any permission granted by a customer shall be given for a period of time not exceeding 6 months. 2. Any permission granted by a customer shall not be renewed tacitly. 3. A customer may withdraw the permission it has granted to a data user at any time and free of charge. When processing is necessary for the performance of a contract, a customer may withdraw the permission it has granted to make customer data available to a data user according to the contractual obligations to which it is subject.
Amendment 365 #
Proposal for a regulation Article 6 – paragraph 1 1. A data user shall only be eligible to
Amendment 366 #
Proposal for a regulation Article 6 – paragraph 1 1. A data user shall only be eligible to
Amendment 367 #
Proposal for a regulation Article 6 – paragraph 1 a (new) 1 a. Any undertaking providing core platform services for which one or more of such services have been designated as a gatekeeper under Article 3 of Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Act) shall not be an eligible third party for the purposes of data-sharing and therefore cannot request or be granted access to customers’ data.
Amendment 368 #
Proposal for a regulation Article 6 – paragraph 1 a (new) 1 a. Any undertaking providing core platform services for which one or more of such services have been designated as a gatekeeper under Article 3 of Regulation (EU) 2022/1925 (Digital Markets Act) shall not be an eligible third party for the purposes of data-sharing and therefore cannot request or be granted access to customers’ data.
Amendment 369 #
Proposal for a regulation Article 6 – paragraph 1 a (new) 1 a. Consumers shall not be prevented from accessing a financial product by a data user solely because they did not give permission for their data to be accessed in the manner set out under Article 5(1). For the purposes of the implementation of this paragraph, the burden shall be on the data user to show that permission was given.
Amendment 370 #
Proposal for a regulation Article 6 – paragraph 2 2. A data user shall only
Amendment 371 #
Proposal for a regulation Article 6 – paragraph 2 2. A data user shall only request and access customer data made available under Article 5(1) that is adequate, relevant and necessary for the purposes and under the conditions for which the customer has granted its permission. A data user shall delete customer data when it is no longer necessary for the purposes for which the permission has been granted by a customer.
Amendment 372 #
Proposal for a regulation Article 6 – paragraph 2 2. A data user shall only access customer data made available under Article 5(1) for the purposes and under the conditions for which the customer has granted its permission. A data user shall delete this customer data, including all backups, without undue delay when it is no longer necessary for the purposes for which the permission has been granted by a customer.
Amendment 373 #
Proposal for a regulation Article 6 – paragraph 3 Amendment 374 #
Proposal for a regulation Article 6 – paragraph 3 3. A customer
Amendment 375 #
Proposal for a regulation Article 6 – paragraph 4 – point a a (new) (a a) not transfer any customer data to any third party without the customer’s explicit permission;
Amendment 376 #
Proposal for a regulation Article 6 – paragraph 4 – point b Amendment 377 #
Proposal for a regulation Article 6 – paragraph 4 – point b a (new) (b a) respect the data protection rights of data subject and the level of protection guaranteed by General Data Protection Regulation.
Amendment 378 #
Proposal for a regulation Article 6 – paragraph 4 – point b a (new) (b a) respect the data protection rights of data subject and the level of protection guaranteed by General Data Protection Regulation.
Amendment 379 #
Proposal for a regulation Article 6 – paragraph 4 – point e (e) not process customer data for advertising purposes
Amendment 380 #
Proposal for a regulation Article 6 – paragraph 4 – point e (e) not process customer data for advertising purposes, except for direct marketing
Amendment 381 #
Proposal for a regulation Article 6 – paragraph 4 – point e (e) not process customer data for advertising purposes, except for direct marketing
Amendment 382 #
Proposal for a regulation Article 6 – paragraph 4 – point e a (new) (e a) not make the data it receives available to an undertaking designated as a gatekeeper pursuant to Article 3 of Regulation (EU) 2022/1925;
Amendment 383 #
Proposal for a regulation Article 6 – paragraph 4 – point e a (new) (e a) not make the data it receives available to an undertaking designated as a gatekeeper pursuant to Article 3 of Regulation (EU) 2022/1925;
Amendment 384 #
Proposal for a regulation Article 6 – paragraph 4 – point e a (new) (e a) not transfer customer data to any third party, including in an outsourcing scheme, without the customer’s explicit permission;
Amendment 385 #
Proposal for a regulation Article 6 – paragraph 4 – point e b (new) (e b) not make the data it receives available to an undertaking designated as a gatekeeper pursuant to Article 3 of Regulation (EU) 2022/1925;
Amendment 386 #
Proposal for a regulation Article 6 – paragraph 4 – point f a (new) (f a) not use the data it receives to develop a product that competes with the product from which the accessed data originate or share the data with another third party for that purpose.
Amendment 387 #
Proposal for a regulation Article 6 – paragraph 4 – point f a (new) (f a) not use the data it receives to develop a product that competes with the product from which the accessed data originate or share the data with another third party for that purpose.
Amendment 388 #
Proposal for a regulation Article 6 – paragraph 4 a (new) 4 a. The obligations contained in this Article apply to the initial receipt of data by a data user. Once the data user collects, stores and processes data as per the definition in Article 3(5), it should be considered a data holder and therefore subject to the corresponding obligations on data holders in Article 5.
Amendment 389 #
Proposal for a regulation Article 6 – paragraph 4 a (new) 4 a. Once the data user collects, stores and processes data as per the definition in Article 3(5), it should be considered as a data holder and therefore subject to the obligations on data holders in Article 5.
Amendment 390 #
Proposal for a regulation Article 6 – paragraph 4 a (new) 4 a. Once the data user collects, stores and processes data as per the definition in Article 3(5), it should be considered as a data holder and therefore subject to the obligations on data holders in Article 5.
Amendment 391 #
Proposal for a regulation Article 6 – paragraph 4 a (new) 4 a. Data under this Regulation shall be stored on the territory of the Union.
Amendment 392 #
Proposal for a regulation Article 7 – paragraph 1 1. The processing of customer data referred to in Article 2(1) of this Regulation that constitutes personal data shall be limited to what is necessary in relation to the purposes for which they are processed. Customers that refuse to grant permission to share sets of their data shall not be refused access to financial products for this reason.
Amendment 393 #
Proposal for a regulation Article 7 – paragraph 1 1. The processing of customer data referred to in Article 2(1) of this Regulation
Amendment 394 #
Proposal for a regulation Article 7 – paragraph 2 2. In accordance with Article 1
Amendment 395 #
Proposal for a regulation Article 7 – paragraph 2 2. In accordance with Article 16 of Regulation (EU) No 1093/2010, the European Banking Authority (EBA) shall develop guidelines on the implementation of paragraph 1 of this Article for products and services related to the credit score of the consumer, mortgage credit agreements, accounts including credit card accounts, and investment products. The EBA shall submit the draft guidelines referred to in the first subparagraph to the Commission by ... [XX].
Amendment 396 #
Proposal for a regulation Article 7 – paragraph 2 2. In accordance with Article 16 of Regulation (EU) No 1093/2010, the European Banking Authority (EBA) shall develop guidelines on the implementation of paragraph 1 of this Article for products and services related to the credit score of the consumer. When doing so, the EBA shall duly take into account the relevant provisions of Directive (EU) 2023/2225 on credit agreements for consumers, including subsequent implementing legislation and guidelines.
Amendment 397 #
Proposal for a regulation Article 7 – paragraph 2 2.
Amendment 398 #
Proposal for a regulation Article 7 – paragraph 3 3. In accordance with Article 16 of Regulation (EU) No 1094/2010, the European Insurance and Occupational Pensions Authority (EIOPA) shall develop guidelines on the implementation of paragraph 1 of this Article for products and services related to risk assessment and pricing of a consumer in the case of life, health, motor, home, and sickness insurance products. These guidelines shall include provisions on how data may be used to avoid excessive granularity that undermines the risk sharing principle of insurance. EIOPA shall submit the draft guidelines referred to in the first subparagraph to the Commission by ... [XX].
Amendment 399 #
Proposal for a regulation Article 7 – paragraph 3 3.
Amendment 400 #
Proposal for a regulation Article 7 – paragraph 3 3. In accordance with Article 1
Amendment 401 #
Proposal for a regulation Article 7 – paragraph 3 3. In accordance with Article 16 of Regulation (EU) No 1094/2010, the European Insurance and Occupational Pensions Authority (EIOPA) shall develop guidelines on the implementation of paragraph 1 of this Article for products and services related to risk assessment and pricing of a consumer in the case of
Amendment 402 #
Proposal for a regulation Article 7 – paragraph 3 3. In accordance with Article 16 of Regulation (EU) No 1094/2010, the European Insurance and Occupational Pensions Authority (EIOPA) shall develop guidelines on the implementation of paragraph 1 of this Article for products and services related to risk assessment and pricing of a consumer in the case of
Amendment 403 #
Proposal for a regulation Article 7 – paragraph 3 a (new) 3 a. For the purposes of paragraphs (2) and (3) of this article, regulatory technical standards should address: (a) the limits of the combination of ‘customer data’ obtained pursuant to the Proposal with other types of personal data; (b) the explainability, transparency and bias avoidance safeguards needed to be installed when Artificial Intelligence tools and algorithms are being deployed, used or trained for any of the purposes mentioned in paragraphs (2) and (3) of this article; (c) the information provision obligations for financial institutions when a customer is presented with a personalised offer that is based on profiling or other types of automated processing of personal data; (d) how the ‘right to be forgotten’ of cancer survivors shall be applicable in relation to non-credit related insurance policies, including life and health insurance, in line with article 124 of the 2020/2267 (INI) Report of the European Parliament. This shall also be extended to other chronic diseases and mental conditions.
Amendment 404 #
Proposal for a regulation Article 7 – paragraph 3 a (new) 3 a. In accordance with Article 10 of Regulation (EU) No 1094/2010, the European Securities and Markets Authority and the European Insurance and Occupational Pensions Authority shall develop regulatory technical standards on the implementation of paragraph 1 of this Article for products and services related to the suitability and appropriateness assessment required under Article 25 of Directive (EU) 2014/65/EU, Article 30 of Directive (EU) 2015/97, and Article 81(1) of Regulation (EU) 2023/1114 of a consumer for submission to the Commission by December 2025.
Amendment 405 #
Proposal for a regulation Article 7 – paragraph 3 b (new) 3 b. Powers are delegated to the European Commission to adopt regulatory technical standards on the implementation of paragraph 2, 3 and 3a.
Amendment 406 #
Proposal for a regulation Article 7 – paragraph 3 c (new) 3 c. For the purposes of paragraphs (2) and (3) of this article, regulatory technical standards shall address: (a) the limits of the combination of ‘customer data’ obtained pursuant to this Regulation with other types of personal data; (b) the explainability, transparency and bias avoidance safeguards needed to be installed when Artificial Intelligence tools and algorithms are being deployed, used or trained for any of the purposes mentioned in paragraphs (2), (3) and (3a) of this article; (c) the information provision obligations for financial institutions when a customer is presented with a personalised offer that is based on profiling or other types of automated processing of personal data; (d) how the ‘right to be forgotten’ of cancer survivors shall be applicable in relation to non-credit related insurance policies, including life and health insurance, in line with article 124 of the 2020/2267 (INI) Report of the European Parliament.This shall also be extended to other chronic diseases and conditions; (e) how data may be used to avoid excessive granularity that undermines the ‘risk sharing’ principle of insurance.
Amendment 407 #
Proposal for a regulation Article 7 – paragraph 4 4. When preparing the
Amendment 408 #
Proposal for a regulation Article 7 – paragraph 4 4. When preparing the
Amendment 409 #
Proposal for a regulation Article 7 – paragraph 4 a (new) 4 a. A consumer cannot be denied access to a financial product if they do not consent to their data being shared or accessed via the framework established by this Regulation. For the purposes of the implementation of this paragraph, the burden of proof shall lie with the data user.
Amendment 410 #
Proposal for a regulation Article 7 – paragraph 4 a (new) 4 a. Additional financial and human resources shall be provided to the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA), and the European Insurance and Occupational Pensions Authority (EIOPA) for the fulfilment of their tasks under this Regulation.
Amendment 411 #
Proposal for a regulation Article 7 – paragraph 4 a (new) 4 a. The European Supervisory Authorities (ESAs) shall develop guidelines on the processing of customer data referred to in Article 2(1)(fa) of this Regulation that constitutes non-sensitive data.
Amendment 412 #
Proposal for a regulation Article 7 – paragraph 4 b (new) 4 b. Additional financial and human resources shall be provided to the European Banking Authority (EBA) and the European Insurance and Occupational Pensions Authority (EIOPA) for the fulfilment of their tasks under this Regulation.
Amendment 413 #
Proposal for a regulation Article 8 – paragraph 1 1. A data holder shall provide the customer with a permission dashboard, in line with the specifications required for data permission dashboards as foreseen under Regulation (EU) [XXXX/XXXX] of the European Parliament of the Council (PSR/PSD3), to monitor and manage the permissions a customer has provided to data users.
Amendment 414 #
Proposal for a regulation Article 8 – paragraph 1 1. A data holder shall provide the customer with a permission dashboard that is permanently available to the customer to monitor and manage the permissions a customer has provided to data users.
Amendment 415 #
Proposal for a regulation Article 8 – paragraph 2 – point a – introductory part (a) provide the customer with an overview of each ongoing permission given to data users, to the extent this information was provided to the data holder by the data user, including:
Amendment 416 #
Proposal for a regulation Article 8 – paragraph 2 – point a – introductory part (a) provide the customer with an overview of each ongoing permission given to data users, to the extent that is provided by the data user, including:
Amendment 417 #
Proposal for a regulation Article 8 – paragraph 2 – point a – introductory part (a) provide the customer with an overview of each ongoing permission given to data users, in a format that is easy to understand, including:
Amendment 418 #
Proposal for a regulation Article 8 – paragraph 2 – point a – introductory part (a) provide the customer with an overview of each ongoing permission given to data users at any time, including:
Amendment 419 #
Proposal for a regulation Article 8 – paragraph 2 – point a – point i (i) the name and details of the data user to which access has been granted
Amendment 420 #
Proposal for a regulation Article 8 – paragraph 2 – point a – point iii (iii) a detailed description of the purpose of the permission;
Amendment 421 #
Proposal for a regulation Article 8 – paragraph 2 – point a – point iv (iv) the specific categories of data being shared;
Amendment 422 #
Proposal for a regulation Article 8 – paragraph 2 – point a – point v a (new) (v a) the date on which the customer has granted access to a data user;
Amendment 423 #
Proposal for a regulation Article 8 – paragraph 2 – point a – point v b (new) (v b) the storage location of data being shared.
Amendment 424 #
Proposal for a regulation Article 8 – paragraph 2 – point b (b) allow the customer to withdraw a permission given to a data user at any time, and free of charge;
Amendment 425 #
Proposal for a regulation Article 8 – paragraph 2 – point b (b) allow the customer to withdraw a permission given to a data user at any time;
Amendment 426 #
Proposal for a regulation Article 8 – paragraph 2 – point c Amendment 427 #
Proposal for a regulation Article 8 – paragraph 2 – point c (c) allow the customer to re-establish any permission withdrawn at any time;
Amendment 428 #
Proposal for a regulation Article 8 – paragraph 3 3. The data holder shall ensure that the permission dashboard is easy to find in its user interface and that information displayed on the dashboard is clear, accurate and easily understandable for the customer and is in line with the European data protection and consumer legislative frameworks, notably Regulation (EU) 2016/679, Directive (EU) 2019/2161, Directive 93/13/EEC, and Directive 2011/83 EU.
Amendment 429 #
Proposal for a regulation Article 8 – paragraph 3 a (new) 3 a. The data holder shall ensure that the permission dashboard is not designed in a way that would encourage or unduly influence the customer to grant or withdraw permissions.This includes: (a) the procedure to withdraw consent shall not be made more difficult than the procedure to grant access; (b) providers of the dashboards shall not design, organise or operate their interfaces in a way that deceives or manipulates the recipients of their service or in a way that otherwise materially distorts or impairs the ability of the recipients of their service to make free and informed decisions.
Amendment 430 #
Proposal for a regulation Article 8 – paragraph 3 a (new) 3 a. The data holder shall ensure that the permission dashboard is not designed in a way that would encourage or unduly influence the customer to grant or withdraw permissions, including through the use of dark patterns and through the use of pre-tricked boxes. For example, the procedure to withdraw consent cannot be made more difficult than the procedure to grant access. The EBA and EIOPA, in close cooperation with the European Data Protection Board established by Regulation (EU) 2016/679, shall be required to develop guidelines on the implementation of this paragraph.
Amendment 431 #
Proposal for a regulation Article 8 – paragraph 3 a (new) 3 a. The data holder shall ensure that the permission dashboard is designed to be user-friendly, with information presented in a neutral way and not in a way that would encourage or unduly influence the customer to grant or withdraw permissions.
Amendment 432 #
Proposal for a regulation Article 8 – paragraph 3 b (new) 3 b. Data holders shall use the European Digital Identity Wallet issued by a Member State as introduced by the proposal amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity for consumers to help identify a customer online and authenticate consent for the provision of consumer permissions via the data access permission dashboards.
Amendment 433 #
Proposal for a regulation Article 8 – paragraph 4 – introductory part 4. The data holder and the data user for which permission has been granted by a customer shall cooperate to make information available to the customer via the dashboard i
Amendment 434 #
Proposal for a regulation Article 8 – paragraph 4 – introductory part 4. The data holder and the data user for which permission has been granted by a customer shall cooperate to make information available to the customer via the dashboard i
Amendment 435 #
Proposal for a regulation Article 8 – paragraph 4 – point a (a) The data holder shall inform the data user of changes made to a permission, including withdrawal, concerning that data user made by a customer via the dashboard.
Amendment 436 #
Proposal for a regulation Article 8 – paragraph 4 – point b – point iii a (new) (iii a) the legal basis under Article 6(1) GDPR and, where relevant, the exception under Article 9(2) GDPR that they would rely on to access personal data contained in the customer dataset;
Amendment 437 #
Proposal for a regulation Article 8 – paragraph 4 – point b a (new) (b a) The data holder must be in control of the identity and access management of both the customer and any data user, as well as the permission dashboard through which any request is submitted.
Amendment 438 #
Proposal for a regulation Article 8 – paragraph 4 – point b a (new) (b a) The data holder must be in control of the identity and access management of both the customer and any data user, as well as the permission dashboard through which any request is submitted.
Amendment 439 #
Proposal for a regulation Article 8 – paragraph 4 – point b a (new) (b a) The data user shall be responsible for the accuracy of the data provided to the data holder.
Amendment 440 #
Proposal for a regulation Article 8 – paragraph 4 – point b a (new) (b a) The data user shall immediately inform data holder of a permission withdrawal.
Amendment 441 #
Proposal for a regulation Article 8 – paragraph 4 – point b b (new) (b b) The data user is responsible for the accuracy of the data provided to the data holder.
Amendment 442 #
Proposal for a regulation Article 8 – paragraph 4 a (new) 4 a. The information provided on the permission dashboard is without prejudice to the requirements under Regulation 2016/679.
Amendment 443 #
Proposal for a regulation Article 9 – paragraph 1 1.
Amendment 444 #
Proposal for a regulation Article 9 – paragraph 1 1.
Amendment 445 #
Proposal for a regulation Article 9 – paragraph 1 1.
Amendment 446 #
Proposal for a regulation Article 9 – paragraph 1 1. Within
Amendment 447 #
Proposal for a regulation Article 9 – paragraph 1 1. Within
Amendment 448 #
Proposal for a regulation Article 9 – paragraph 1 1. Within
Amendment 449 #
Proposal for a regulation Article 9 – paragraph 1 1.
Amendment 450 #
Proposal for a regulation Article 9 – paragraph 1 a (new) 1 a. The implementation of a financial data access scheme shall be structured as follows: (a) Within 6 months from the entry into force of this Regulation, members shall agree on the general rules applicable to a financial data access scheme in accordance with Article 10(1)(a)-(f) and Article 10(1)(i)-(j) (‘development phase’). (b) Within 18 months from the entry into force of this Regulation, members shall agree on common standards and a model to determine compensation in accordance with the requirements laid down in Article 10(1)(g) and Article 10(1)(h).Members shall also notify a financial data access scheme in accordance with Article 10(4) (‘implementation phase’). (c) Within 24 months from the entry into force of this Regulation, members shall ensure that all elements of a financial data access scheme are fully operational by the time this Regulation applies in its entirety.
Amendment 451 #
Proposal for a regulation Article 9 – paragraph 1 a (new) 1 a. The financial data sharing scheme referred to in paragraph 1 shall be developed by market participants within the specified time-frame. In cases where such a scheme is not developed in accordance with this Regulation in this timeframe, those entities involved in the setting up of the schemes shall work with the relevant competent authorities on national and European level to develop the scheme, considering experiences across the market and always bearing in mind the concept of standardisation of schemes
Amendment 452 #
Proposal for a regulation Article 9 – paragraph 1 a (new) 1 a. Within 36 months from the entry into force of this Regulation data holders and data users of the following categories of customer data shall become members of a scheme: accounts, including credit card accounts, except payment accounts as defined in the Payment Services Directive (EU) 2015/2366 and technical accounts, savings, represented by term deposits, and savings accounts.
Amendment 453 #
Proposal for a regulation Article 9 – paragraph 1 b (new) 1 b. Within 48 months from the entry into force of this Regulation data holders and data users of the following categories of customer data shall become members of a scheme: mortgage credit agreements as defined in Directive (EU)2014/17, and data relating to loans with instalments provided by the data holder;
Amendment 454 #
Proposal for a regulation Article 9 – paragraph 1 c (new) 1 c. Within 60 months from the entry into force of this Regulation data holders and data users of the following categories of customer data shall become members of a scheme: investments in financial instruments, in accordance with Section C of Annex I of Directive (EU) 2014/65 and excluding derivative transactions used for risk management purposes, insurance based investment products, other related financial assets, structured deposits, and crypto assets as defined under Article 3(1)(5) of Regulation (EU) 2023/1114, non- life insurance products, occupational pension schemes, pan- European private pension schemes, and remaining categories also covered by Article 2(1);
Amendment 455 #
Proposal for a regulation Article 9 – paragraph 2 – subparagraph 1 Data holders and data users may become members of
Amendment 456 #
Proposal for a regulation Article 9 – paragraph 2 – subparagraph 2 Amendment 457 #
Proposal for a regulation Article 9 – paragraph 2 – subparagraph 2 Any sharing of data
Amendment 458 #
Proposal for a regulation Article 9 – paragraph 2 a (new) 2 a. This Regulation shall be without prejudice to any data exchange that may occur based on contractual agreements outside the scope of this Regulation.
Amendment 459 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point a – point i (i) data holders and data users representing a significant proportion of the market of the product or service concerned,
Amendment 460 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point a – point i (i) data holders and data users representing a significant proportion of the market of the product or service concerned, with each side having fair
Amendment 461 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point a – point i (i) data holders and data users representing a significant proportion of the market of the product or service concerned, with each side having fair
Amendment 462 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point a – point ii (ii) customer organisations and consumer associations with expertise in financial services, in an observer role.
Amendment 463 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point a – point ii a (new) (iia) associations and relevant professional organisations.
Amendment 464 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point a a (new) (a a) each of the parties listed in paragraph (a) above shall have fair and equal representation in the internal decision-making processes of the scheme as well as equal weight in any voting procedures; where a member is both a data holder and data user, its membership shall be counted equally towards both sides;
Amendment 465 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point a a (new) (a a) each of the parties listed in paragraph (a) above shall have fair and equal representation in the internal decision-making processes of the scheme as well as equal weight in any voting procedures; where a member is both a data holder and data user, its membership shall be counted equally towards both sides.
Amendment 466 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point e (e) a financial data sharing scheme shall include a mechanism through which its rules can be amended, following an impact analysis and the agreement of the majority of each community of data holders
Amendment 467 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point e (e) a financial data sharing scheme shall include a mechanism through which its rules can be amended, following an impact analysis and the agreement of the majority of each community of data holders
Amendment 468 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point g (g) a financial data
Amendment 469 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point g (g) a financial data sharing scheme shall include the common standards for the data and the technical interfaces to allow customers to request data sharing in accordance with Article 5(1). The common standards for the data and technical interfaces that scheme members agree to use may be developed by scheme members or by other parties or bodies; The development of common standards for the data and technical interfaces shall draw on existing international or industry- recognised standards;
Amendment 470 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point g a (new) (g a) a financial data access scheme shall include the minimum technical and organisational measures that financial data access scheme members shall implement to ensure an appropriate level of security for exchanged data, including security measures to prevent and mitigate the risk of fraud.
Amendment 471 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point g a (new) (g a) a financial data sharing scheme shall also establish minimum technical and organisational measures to ensure an appropriate level of security for the exchange of personal data;
Amendment 472 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point h Amendment 473 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point h – introductory part (h) a financial data sharing scheme shall establish, a model to determine the maximum compensation that a data holder is entitled to charge for making data available through an appropriate technical interface for data sharing with data users in line with the common standards developed under point (g) and taking into account market-led initiatives for other compensation schemes. The model shall be based on the following principles:
Amendment 474 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point h – introductory part (h) a financial data sharing scheme shall establish a model to determine the
Amendment 475 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point h – introductory part (h) a financial data sharing scheme shall establish a model to determine the
Amendment 476 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point h – introductory part (h) a financial data sharing scheme shall establish a model to determine the
Amendment 477 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point h – point i (i) i
Amendment 478 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point h – point i (i)
Amendment 479 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point h – point i (i) it should be limited to reasonable compensation
Amendment 480 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point h – point i (i) it should be limited to reasonable compensation directly related to the costs incurred in making the data available to the data user and which is attributable to the request;
Amendment 481 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point h – point ii (ii) it should be based on an objective, transparent and non-discriminatory methodology agreed by the scheme members and may include a margin and respect the provisions of Art. 9(1) of the Data Act (Regulation (EU) XX);
Amendment 482 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point h – point ii (ii) it should be based on an objective, transparent and non-discriminatory methodology agreed by the scheme members and may include a margin and respect the provisions of Art. 9(1) of the Data Act (Regulation (EU) XX);
Amendment 483 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point h – point v Amendment 484 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point h – point v Amendment 485 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point h – point v Amendment 486 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point h – point v (v) it should be devised to gear compensation towards the lowe
Amendment 487 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point h – point vi a (new) (vi a) it should ensure that the remuneration to the data holder is not borne by the customer.
Amendment 488 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point h a (new) (h a) Any compensation agreed upon between a data holder and a data user for making data available in business-to- business relations shall be non- discriminatory and reasonable and may include a margin.The data holder and the data user shall take into account in particular: (a) the costs incurred for making the data available, including, in particular, the costs necessary for the formatting of data, dissemination via electronic means and storage; (b) the investment in the collection and production of data, where applicable, taking into account whether other parties contributed to the obtaining, generating or collecting the data in question.
Amendment 489 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 1 – point h a (new) (h a) Taking into account the level of compensation in the market, in particular regarding the developments in the calculation, the EBA in cooperation with ESMA and EIOPA shall publicly report to the Commission on a yearly basis on the evolution of compensation fees. The Commission shall, if necessary, adopt a delegated act in accordance with Article 30 to address market failures using proportionate and appropriate tools. The EBA, ESMA and EIOPA shall consult data holders and data users upon the drafting of these reports.
Amendment 490 #
Proposal for a regulation Article 10 – paragraph 1 – subparagraph 2 Amendment 491 #
Proposal for a regulation Article 10 – paragraph 3 3. A data holder shall communicate to the competent authority of the Member State of its establishment the financial data
Amendment 492 #
Proposal for a regulation Article 10 – paragraph 4 4. A financial data
Amendment 493 #
Proposal for a regulation Article 10 – paragraph 4 4. A financial data sharing scheme set up in accordance with this Article shall be notified to the
Amendment 494 #
Proposal for a regulation Article 10 – paragraph 6 – subparagraph 1 Within 1 month of receipt of the notification pursuant to paragraph 4, the
Amendment 495 #
Proposal for a regulation Article 10 – paragraph 6 – subparagraph 1 Within 1 month of receipt of the notification pursuant to paragraph 4, the
Amendment 496 #
Proposal for a regulation Article 10 – paragraph 6 – subparagraph 1 Within 1 month of receipt of the notification pursuant to paragraph 4, the competent authority shall assess whether the financial data sharing scheme’s governance modalities and characteristics are in compliance with paragraph 1. When assessing the compliance of the financial data sharing scheme with paragraph 1, the competent authority
Amendment 497 #
Proposal for a regulation Article 10 – paragraph 6 – subparagraph 2 Upon completion of
Amendment 498 #
Proposal for a regulation Article 10 – paragraph 6 – subparagraph 2 Upon completion of its assessment, the
Amendment 499 #
Proposal for a regulation Article 10 – paragraph 6 – subparagraph 2 a (new) Competent authorities shall undertake regular comprehensive reviews of data sharing schemes’ governance arrangements set out in Article 10(1). These reviews shall include a thorough and documented assessment whether the schemes’ arrangements are appropriate and credible for the purposes of ensuring the responsible treatment of customer data.
Amendment 500 #
Proposal for a regulation Article 10 – paragraph 6 a (new) 6 a. Competent authorities shall undertake regular comprehensive reviews of data sharing schemes’ governance arrangements set out in Article 10(1). These reviews shall include a thorough and documented assessment whether the schemes’ arrangements are appropriate and credible for the purposes of ensuring the responsible treatment of customer data.
Amendment 501 #
Proposal for a regulation Article 11 Amendment 502 #
Proposal for a regulation Article 11 Amendment 503 #
Proposal for a regulation Article 11 – paragraph 1 Amendment 504 #
Proposal for a regulation Article 11 – paragraph 1 – introductory part In the event that a financial data sharing scheme is not finalised for one or more categories of customer data listed in Article 2(1), the European Commission shall consult with all stakeholders and submit a report to the European Parliament and the Council setting out any grounds for intervention by the European Commission.The report shall take account of any existing work towards a scheme already undertaken by the industry.The report shall lay down the modalities under which a data holder may make customer data available pursuant to Article 5(1) for that category of data: (a) common standards for the data and, where appropriate, the technical interfaces to allow customers to request data sharing under Article 5(1); (b) a model to determine the maximum compensation that a data holder is entitled to charge for making data available; (c) the liability of the entities involved in making the customer data available. In the event that a financial data sharing scheme is not developed for one or more categories of customer data listed in Article 2(1) and there is no realistic prospect of such a scheme being set up within a reasonable amount of time, the Commission is empowered, after consultation with all stakeholders, to adopt a delegated act in accordance with Article 30 to supplement this Regulation by specifying the following modalities under which a data holder shall make available customer data pursuant to Article 5(1) for that category of data:
Amendment 505 #
Proposal for a regulation Article 11 – paragraph 1 – introductory part In the event that a financial data sharing scheme is not developed for one or more categories of customer data listed in Article 2(1) and there is no realistic prospect of such a scheme being set up within a reasonable amount of time, the Commission is empowered, in consultation with the European Data Protection Board, to adopt a delegated act in accordance with Article 30 to supplement this Regulation by specifying the following modalities under which a data holder shall make available customer data pursuant to Article 5(1) for that category of data:
Amendment 506 #
Proposal for a regulation Article 11 – paragraph 1 – point b (b) a model to determine the
Amendment 507 #
Proposal for a regulation Article 12 – paragraph 1 1. A financial information service provider shall be eligible to access customer data under Article 5(1) for the provision of financial information services if it is authorised by the competent authority of a Member State.
Amendment 508 #
Proposal for a regulation Article 12 – paragraph 1 1. A financial information service provider shall be eligible to access customer data under Article 5(1) for the provision of financial information services if it is authorised by the competent authority of a Member State.
Amendment 509 #
Proposal for a regulation Article 12 – paragraph 1 a (new) 1 a. An account information service provider registered under Directive (EU) 2015/2366 shall be eligible to access customer data under Article 5(1) only if they have obtained an authorisation as a financial information service provider.
Amendment 510 #
Proposal for a regulation Article 12 – paragraph 1 a (new) 1 a. A registered account information service provider as defined in Directive 2015/2366/EU may only access data under Article 5(1) if they have been authorised as a financial information service provider.
Amendment 511 #
Proposal for a regulation Article 12 – paragraph 2 – subparagraph 1 – introductory part A financial information service provider shall submit an application for authorisation to the competent authority of the Member State of establishment of its registered office, or, in the case of a legal person or other undertaking established in a third country, in the Member State where those legal persons have appointed their representative, together with the following:
Amendment 512 #
Proposal for a regulation Article 12 – paragraph 2 – subparagraph 1 – point a (a) a programme of operations setting out in particular the type of access to data
Amendment 513 #
Proposal for a regulation Article 12 – paragraph 2 – subparagraph 1 – point a (a) a programme of operations setting out in particular the type of access to data envisaged and if the financial information service provider holds any customer data under Article 2(1);
Amendment 514 #
Proposal for a regulation Article 12 – paragraph 2 – subparagraph 1 – point b (b) a business plan
Amendment 515 #
Proposal for a regulation Article 12 – paragraph 2 – subparagraph 1 – point b (b) a business plan including. where applicable, a forecast budget calculation
Amendment 516 #
Proposal for a regulation Article 12 – paragraph 2 – subparagraph 1 – point j (j) the address of the applicant’s head office and, where available, the Legal Entity Identifier (LEI);
Amendment 517 #
Proposal for a regulation Article 12 – paragraph 3 – subparagraph 1 – introductory part Financial information service providers shall hold a professional indemnity insurance covering the territories in which they
Amendment 518 #
Proposal for a regulation Article 12 – paragraph 3 – subparagraph 1 – introductory part Financial information service providers shall hold a professional indemnity insurance or other comparable guarantee, covering the territories in which they access data, or some other comparable guarantee, and shall ensure the following:
Amendment 519 #
Proposal for a regulation Article 12 – paragraph 4 – subparagraph 1 – point a (a) the information to be provided to the competent authority in the application for the authorisation of financial information service providers, including the requirements laid down in paragraph
Amendment 520 #
Proposal for a regulation Article 12 – paragraph 4 – subparagraph 1 – point c (c) what is a comparable guarantee, as referred in paragraph
Amendment 521 #
Proposal for a regulation Article 12 – paragraph 4 – subparagraph 1 – point d (d) the criteria on how to stipulate the minimum monetary amount of the professional indemnity insurance or other comparable guarantee referred to in paragraph
Amendment 522 #
Proposal for a regulation Article 12 – paragraph 4 – subparagraph 2 – point b (b) whether the undertaking provides other types of services
Amendment 523 #
Proposal for a regulation Article 12 – paragraph 4 – subparagraph 2 – point b (b) whether the undertaking provides other types of services or is engaged in other business or is a data holder;
Amendment 524 #
Proposal for a regulation Article 12 – paragraph 4 a (new) 4 a. Any undertaking designated as a gatekeeper, pursuant to Article 3 of Regulation (EU) 2022/1925, shall not be eligible for authorisation as a financial information service provider under this Regulation.
Amendment 525 #
Proposal for a regulation Article 13 Amendment 526 #
Proposal for a regulation Article 13 Amendment 527 #
Proposal for a regulation Article 13 – paragraph 4 4. Financial information service providers shall notify the name, address, the electronic mail address and telephone number of their legal representative to the competent authority in the Member State where that legal representative resides or is established. They shall ensure that that information is up to date on an ongoing basis.
Amendment 528 #
Proposal for a regulation Article 14 – paragraph 1 1. The competent authority shall grant an authorisation if the information and evidence accompanying the application complies with of the requirements laid down in Article 1
Amendment 529 #
Proposal for a regulation Article 14 – paragraph 1 1. The competent authority shall grant an authorisation if the information and evidence accompanying the application complies with of the requirements laid down in Article 11(1) and (2). Before granting an authorisation, the competent authority
Amendment 530 #
Proposal for a regulation Article 14 – paragraph 2 Amendment 531 #
Proposal for a regulation Article 14 – paragraph 2 Amendment 532 #
Proposal for a regulation Article 14 – paragraph 2 – point c (c)
Amendment 533 #
Proposal for a regulation Article 14 – paragraph 4 a (new) 4 a. The competent authority shall grant an authorisation only if it is satisfied that the governance arrangements of the financial information service provider demonstrate that it intends to carry out substantive business activities in the Member State where it has its registered office.
Amendment 534 #
Proposal for a regulation Article 14 – paragraph 5 5. The competent authority shall grant an authorisation only if it is satisfied that any outsourcing arrangements
Amendment 535 #
Proposal for a regulation Article 14 – paragraph 6 6. Within
Amendment 536 #
Proposal for a regulation Article 14 – paragraph 7 – subparagraph 1 – point c a (new) (c a) if a supervisory authority under Regulation (EU) 2016/679 establishes that a financial information service provider has breached its obligations under EU data protection laws;
Amendment 537 #
Proposal for a regulation Article 14 – paragraph 7 – subparagraph 1 – point d a (new) (d a) would be found in breach of Regulation (EU) 2016/679. Supervisory authorities established under article 51 of the same Regulation shall be the ones to notify that an infringement has been established.
Amendment 538 #
Proposal for a regulation Article 14 – paragraph 7 – subparagraph 2 The competent authority shall give reasons for any withdrawal of an authorisation and shall inform those concerned accordingly. The competent authority shall make public the withdrawal of an authorisation
Amendment 539 #
Proposal for a regulation Article 14 – paragraph 7 a (new) 7 a. An appropriate remuneration scheme shall be put in place in the financial data sharing schemes to enable consumer participation in their governance.
Amendment 540 #
Proposal for a regulation Article 15 – paragraph 1 – point a (a) the authorised financial information service providers
Amendment 541 #
Proposal for a regulation Article 15 – paragraph 1 – point c a (new) (c a) The information listed in Article 28(2).
Amendment 542 #
Proposal for a regulation Article 15 – paragraph 2 Amendment 543 #
Proposal for a regulation Article 15 – paragraph 2 Amendment 544 #
Proposal for a regulation Article 15 – paragraph 3 3. The register shall be publicly available on EBA’s website and shall allow for easy searching and accessing the information listed and should be machine readable.
Amendment 545 #
Proposal for a regulation Article 15 – paragraph 3 3. The register shall be publicly available on EBA’s website and shall allow for easy searching and accessing the information listed, free of charge.
Amendment 546 #
Proposal for a regulation Article 15 – paragraph 5 5. The competent authorities of Member States shall communicate without delay to EBA the information necessary to fulfil its tasks pursuant to paragraphs 1, 3, and
Amendment 547 #
Proposal for a regulation Article 18 – paragraph 1 – subparagraph 1 – point b – point viii (viii) to request the freezing or sequestration of assets, or both, in accordance to relevant national law;
Amendment 548 #
Proposal for a regulation Article 18 – paragraph 1 – subparagraph 1 – point c – point iii (iii) where appropriate, to order domain registries or registrars to delete a fully qualified domain name and to allow the competent authority concerned to re
Amendment 549 #
Proposal for a regulation Article 18 a (new) Article 18a Complaints Without prejudice to any other administrative or judicial remedy, natural and legal persons shall have the right to lodge a complaint, individually or, where relevant, collectively, with the competent authorities of article 17 of this Regulation related to the provisions of this Regulation. Where the complaint concerns the rights of natural persons pursuant to Regulation (EU) 2016/679 the competent authority shall transmit the complaint to the supervisory authorities under Regulation (EU) 2016/679 and shall consult and cooperate with them in the handling of such complaints.
Amendment 550 #
Proposal for a regulation Article 20 – paragraph 3 – point a Amendment 551 #
Proposal for a regulation Article 20 – paragraph 3 – point f (f) in the case of a natural person, maximum administrative fines of up to EUR
Amendment 552 #
Proposal for a regulation Article 20 – paragraph 3 – point f (f) in the case of a natural person, maximum administrative fines of up to EUR
Amendment 553 #
Proposal for a regulation Article 20 – paragraph 4 – subparagraph 1 – point a Amendment 554 #
Proposal for a regulation Article 20 – paragraph 4 – subparagraph 1 – point a (a)
Amendment 555 #
Proposal for a regulation Article 20 – paragraph 4 – subparagraph 1 – point b (b)
Amendment 556 #
Proposal for a regulation Article 20 – paragraph 4 – subparagraph 1 – point b (b)
Amendment 557 #
Proposal for a regulation Article 22 – paragraph 1 – point a (a) the nature, gravity and the duration of the breach taking into account the nature scope or purpose of the processing concerned as well as the number of data subjects affected and the level of damage suffered by them;
Amendment 558 #
Proposal for a regulation Article 22 – paragraph 1 – point f a (new) (f a) the categories of personal data affected by the infringement;
Amendment 559 #
Proposal for a regulation Article 22 – paragraph 1 – point k a (new) (k a) the manner in which the infringement became known to the supervisory authority, in particular whether, and if so to what extent, the controller or processor notified the infringement;
Amendment 560 #
Proposal for a regulation Article 27 a (new) Article 27a Competent Authorities Role in the Setting up of Financial Data Sharing Schemes Competent authorities may be consulted on market-driven initiatives as regards the setting up of Financial Data Sharing Schemes as provided in Article 9. In such a consultative role they may share non- sensitive data in order to assist in setting up such schemes, with the aim of promoting standardisation, customer friendly interfaces, and sharing best practices.
Amendment 561 #
Proposal for a regulation Article 30 – paragraph 2 Amendment 562 #
Proposal for a regulation Article 30 – paragraph 3 Amendment 563 #
Proposal for a regulation Article 30 – paragraph 3 3. The delegation of powers referred to in Article 2(4a), Article 2(4b), and Article 11, may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.
Amendment 564 #
Proposal for a regulation Article 30 – paragraph 4 4. Before adopting a delegated act, the Commission shall consult stakeholders and experts designated by each Member State in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making.
Amendment 565 #
Proposal for a regulation Article 30 – paragraph 6 Amendment 566 #
Proposal for a regulation Article 30 – paragraph 6 6. A delegated act adopted pursuant to Article 2(4a), Article 2(4b), and Article 11, shall enter into force only if no objection has been expressed either by the European Parliament or by the Council within a period of three months of notification of that act to the European Parliament and to the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by three months on the initiative of the European Parliament or of the Council.
Amendment 567 #
Proposal for a regulation Article 30 – paragraph 6 a (new) 6 a. When applying Article 2(4a), Article 2(4b), and Article 11, the European Commission shall consult with all relevant stakeholders and the European Supervisory Authorities for the development and amendment of use cases.
Amendment 568 #
Proposal for a regulation Article 31 – paragraph 1 – introductory part 1. By [OP please insert the date =
Amendment 569 #
Proposal for a regulation Article 31 – paragraph 1 – introductory part 1. By [OP please insert the date =
Amendment 570 #
Proposal for a regulation Article 31 – paragraph 1 – point b Amendment 571 #
Proposal for a regulation Article 31 – paragraph 1 – point d (d) the inclusion of other types of entities
Amendment 572 #
Proposal for a regulation Article 31 – paragraph 1 – point e a (new) (e a) the impact the Regulation has had on financial inclusion and financial product and services simplicity;
Amendment 573 #
Proposal for a regulation Article 31 – paragraph 1 – point e a (new) (e a) the impact of the regulation on financial exclusion.
Amendment 574 #
Proposal for a regulation Article 31 – paragraph 1 – point e a (new) (e a) the adequacy of the administrative penalties and measures.
Amendment 575 #
Proposal for a regulation Article 31 – paragraph 1 – point e a (new) (ea) costs of compliance with this Regulation.
Amendment 576 #
Proposal for a regulation Article 31 – paragraph 1 – point e b (new) (e b) the impact of this Regulation on sustainable finance.
Amendment 577 #
Proposal for a regulation Article 31 – paragraph 2 Amendment 578 #
Proposal for a regulation Article 31 – paragraph 2 2. By [OP please insert the date =
Amendment 579 #
Proposal for a regulation Article 36 – paragraph 2 It shall apply from [OP please insert the date = 24 months after the date of entry into force of this Regulation]. However, Articles 9 to 13 shall apply from [OP please insert the date = 18 months after the date of entry into force of this Regulation]. The application of this Regulation shall be congruent with the application dates of Regulation (EU) … [XXX - PSR] and Directive (EU) … [XXX - PSD3] and no earlier.
Amendment 580 #
Proposal for a regulation Article 36 – paragraph 2 It shall apply from [OP please insert the date =
Amendment 581 #
Proposal for a regulation Article 36 – paragraph 2 It shall apply from [OP please insert the date = 24 months after the date of entry into force of this Regulation].
Amendment 582 #
Proposal for a regulation Article 36 – paragraph 2 It shall apply from [OP please insert the date =
Amendment 583 #
Proposal for a regulation Article 36 – paragraph 2 It shall apply from [OP please insert the date =
Amendment 584 #
Proposal for a regulation Article 36 – paragraph 2 It shall apply from [OP please insert the date =
Amendment 585 #
Proposal for a regulation Article 36 – paragraph 2 It shall apply from [OP please insert the date =
Amendment 586 #
Proposal for a regulation Article 36 – paragraph 2 It shall apply from [OP please insert the date =
Amendment 587 #
Proposal for a regulation Article 36 – paragraph 2 It shall apply from [OP please insert the date =
Amendment 588 #
Proposal for a regulation Article 36 a (new) Article 36a Review Five years after entry into force of this regulation, the European Commission shall review he application of this regulation and present a report to the European Parliament and the Council. The report shall assess in particular: (a) whether the scope should be extended to data collected for the purposes of carrying out an assessment of suitability and appropriateness and what legislative changes would be warranted to allow for such an extension of the scope; (b) whether the financial data schemes introduced in this regulation work as intended, in particular for small and medium-sized companies; (c) the impact on overall competition and market structure; Where appropropriate, the report shall be accompanied by a legislative proposal.
source: 758.858
|
History
(these mark the time of scraping, not the official date of the change)
2024-04-19Show (2) Changes | Timetravel
| events/2 |
|
| procedure/Other legal basis |
Rules of Procedure EP 159
|
2024-03-15Show (1) Changes | Timetravel
| forecasts |
|
2024-02-29Show (3) Changes | Timetravel
| docs/5 |
|
| forecasts/0/date |
Old
2024-03-21T00:00:00New
2024-03-20T00:00:00 |
| forecasts/1 |
|
2024-02-13Show (1) Changes | Timetravel
| forecasts/1 |
|
2024-02-11Show (2) Changes | Timetravel
| docs/5 |
|
| docs/6 |
|
2024-01-04Show (1) Changes | Timetravel
| docs/4 |
|
2023-12-08Show (1) Changes | Timetravel
| docs/4 |
|
2023-11-21Show (1) Changes | Timetravel
| docs/3 |
|
2023-10-26Show (1) Changes | Timetravel
| committees/1/opinion |
False
|
2023-10-21Show (5) Changes | Timetravel
| committees/1 |
|
| committees/3 |
|
| events/1 |
|
| procedure/dossier_of_the_committee |
|
| procedure/stage_reached |
Old
Preparatory phase in ParliamentNew
Awaiting committee decision |
2023-10-12Show (1) Changes | Timetravel
| forecasts |
|
2023-10-11Show (1) Changes | Timetravel
| commission |
|
2023-09-28Show (4) Changes | Timetravel
| committees/0/shadows/3 |
|
| committees/1 |
Old
New
|
| committees/2 |
Old
New
|
| committees/3 |
Old
New
|
2023-09-21Show (1) Changes | Timetravel
| committees/1/opinion |
False
|
2023-09-19Show (1) Changes | Timetravel
| committees/0/shadows/2 |
|
2023-09-13Show (1) Changes | Timetravel
| committees/0/rapporteur |
|
2023-09-03Show (1) Changes | Timetravel
| procedure/Legislative priorities |
|
2023-09-01Show (1) Changes | Timetravel
| committees/0/shadows/0 |
|
2023-07-29Show (3) Changes | Timetravel
| committees/0/shadows |
|
| committees/1 |
Old
New
|
| committees/2 |
Old
New
|
2023-07-27Show (3) Changes | Timetravel
| committees/1 |
|
| committees/1/opinion |
False
|
| committees/2 |
|
2023-07-22Show (5) Changes
| docs/0 |
|
| docs/0 |
|
| docs/0/docs/0 |
|
| docs/1 |
|
| events/0/summary |
|