BETA

10 Amendments of Maite PAGAZAURTUNDÚA related to 2021/0136(COD)

Amendment 22 #
Proposal for a regulation
Recital 8
(8) In order to ensure compliance within Union law or national law compliant with Union law, service providers should communicate their intent to rely on the European Digital Identity Wallets to Member Statehave to register with the Member States before they are able to rely on the European Digital Identity Wallets. Any natural or legal persons should be able to submit a complaint if they have concerns regarding the use by a relying party of the European Digital Identity Wallets. That will allow Member States to protect users from fraud and prevent the unlawful use of identity data and electronic attestations of attributes as well as to ensure that the processing of sensitive data, like health data, can be verified by relying parties in accordance with Union law or national law. In order to facilitate the registration procedure, a successful registration for using the European Digital Identity Wallets should enable expedited processing of registrations for similar uses.
2022/06/13
Committee: LIBE
Amendment 26 #
Proposal for a regulation
Recital 9
(9) All European Digital Identity Wallets should allow users to electronically identify and authenticate online and offline across borders for accessing a wide range of public and private services. Without prejudice to Member States’ prerogatives as regards the identification of their nationals and residents, Wallets can also serve the institutional needs of public administrations, international organisations and the Union’s institutions, bodies, offices and agencies. Offline use would be important in many sectors, including in the health sector where services are often provided through face-to-face interaction and ePrescriptions should be able to rely on QR-codes or similar technologies to verify authenticity. The users should have access to a simple interface that would allow them to have an overview over their current and previous authorisations of sharing of personal data or electronic attestation of attributes and have the possibility to withdraw their consent. Relying on the level of assurance “high”, the European Digital Identity Wallets should benefit from the potential offered by tamper-proof solutions such as secure elements, to comply with the security requirements under this Regulation. The European Digital Identity Wallets should also allow users to create and use qualified electronic signatures and seals which are accepted across the EU. To achieve simplification and cost reduction benefits to persons and businesses across the EU, including by enabling powers of representation and e-mandates, Member States should issue European Digital Identity Wallets relying on common standards to ensure seamless interoperability and a high level of security. Only Member States’ competent authorities can provide a high degree of confidence in establishing the identity of a person and therefore provide assurance that the person claiming or asserting a particular identity is in fact the person he or she claims to be. It is therefore necessary that the European Digital Identity Wallets rely on the legal identity of citizens, other residents or legal entities. Trust in the European Digital Identity Wallets would be enhanced by the fact that issuing parties are required to implement appropriate technical and organisational measures to ensure a level of security commensurate to the risks raised for the rights and freedoms of the natural persons, in line with Regulation (EU) 2016/679.
2022/06/13
Committee: LIBE
Amendment 44 #
Proposal for a regulation
Recital 17
(17) Service providers use the identity data provided by the set of person identification data available from electronic identification schemes pursuant to Regulation (EU) No 910/2014 in order to match users from another Member State with the legal identity of that user. However, despite the use of the eIDAS data set, in many cases ensuring an accurate match requires additional information about the user and specific unique identification procedures at national level. To further support the usability of electronic identification means, this Regulation should require Member States to take specific measures to ensure a correct identity match in the process of electronic identification. For the same purpose, this Regulation should also extend the mandatory minimum data set and require the use of a unique and persistent electronic identifier in conformity with Union law in those cross-border cases where it is necessary to legally identify the user upon his/her request in a unique and persistent way. However, given the potential risks to privacy inherent to a unique and persistent identifier, its use shall be restricted in all other cases.
2022/06/13
Committee: LIBE
Amendment 114 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 3 – point a
(a) securely request and obtain, store, select, combine and share, in a manner that is transparent to and traceable by the user, the necessary legal person identification data and electronic attestation of attributes to authenticate online and offline in order to use online public and private services, while ensuring that selective disclosure is possible;
2022/06/13
Committee: LIBE
Amendment 116 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 3 – point aa
(a a) view and manage the transactions or uses of person identification data and electronic attestation of attributes that the user has agreed to;
2022/06/13
Committee: LIBE
Amendment 122 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6a – paragraph 4 – point a – subpoint 2
(2) for relying parties to request and validate person identification data and electronic attestations of attributes in accordance with the registration procedure outlined in Article 6b(1);
2022/06/13
Committee: LIBE
Amendment 161 #
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Regulation (EU) No 910/2014
Article 6b – paragraph 1
1. Relying parties shall not rely upon European Digital Identity Wallets unless they have registered in accordance with the provisions of this Paragraph. Where relying parties intend to rely upon European Digital Identity Wallets issued in accordance with this Regulation, they shall communicate it toregister with the Member State where the relying party is established to, which shall ensure compliance with requirements set out in Union law or national law for the provision of the specific services. When communica for which registration is requested. When submitting their intenregistration tofor rely ing upon European Digital Identity wallets, they shall also inform about the intended use of the European Digital Identity Walletrelying parties shall inform about the intended use of the European Digital Identity Wallet. The registration system shall allow for an expedited procedure for cases where a similar use of the European Digital Identity wallets has previously been registered. Member States shall provide a mechanism that allows for the reception and investigation of complaints regarding the compliance of relying parties with the Union or national law for the provision of a service. Where relying upon the European Digital Identity Wallets for the provision of a specific service violates Union or national law, registration shall be revoked.
2022/06/13
Committee: LIBE
Amendment 175 #
Proposal for a regulation
Article 1 – paragraph 1 – point 11
Regulation (EU) No 910/2014
Article 10a – paragraph 1
1. Where European Digital Wallets issued pursuant to Article 6a and the validation mechanisms referred to in Article 6a(5) points (a), (b) and (c) are breached or partly compromised in a manner that affects their reliability or the reliability of the other European Digital Identity Wallets, the issuing Member State shall, without delay, suspend the issuance and revoke the validity of the European Digital Identity Wallet and inform the other Member States and the Commission accordingly. The issuing Member State shall endeavour to remedy the breach or compromise as soon as possible.
2022/06/13
Committee: LIBE
Amendment 207 #
Proposal for a regulation
Article 1 – paragraph 1 – point 20 – point a – point 2
Regulation (EU) No 910/2014
Article 17 – paragraph 4 – point f
(f) to cooperate with supervisory authorities established under Regulation (EU) 2016/679, in particular, by informing them without undue delay, about the results of audits of qualified trust service providers, whereany breaches of personal data protection rules have been breached and aboutand security breaches which constitute personal data breaches; or suspicion thereof that they become aware of in the performance of their tasks;
2022/06/13
Committee: LIBE
Amendment 212 #
Proposal for a regulation
Article 1 – paragraph 1 – point 22 – point b
Regulation (EU) No 910/2014
Article 20 – paragraph 2
Where there is reason to believe that personal data protection rules appear tocould have been breached, the supervisory body shall inform the supervisory authorities under Regulation (EU) 2016/679 of the results of its auditswithout undue delay and shall provide the results of its audits as soon as they are available.;
2022/06/13
Committee: LIBE