interesting view on observability and purpose from EU
We now have new requirements - observability and purpose - it seems that the idea of a general purpose wallet has been effectively eliminated in the EU and by those states that mandate their own wallets for their own creds. Statement by the Commission on unobservability on the occasion of the adoption of Regulation 2024/... + The Commission welcomes the agreement reached, which in its view, confirms that this amending Regulation does not allow for the processing of personal data contained in or arising from the use of the European Digital Identity Wallet by the Wallet providers for other purposes than delivering wallet services. The Commission also welcomes the inclusion of the concept of *unobservability in Recital (11c) of the draft amending Regulation, which should prevent wallet providers from collecting and seeing the details of user’s day-to-day transactions.* The Commission is of the view that this concept means that there should not be correlation of data across different services for the purposes of user tracking or tracing or for determining, analysing and predicting personal behaviour, interests or habits. At the same time, the Commission acknowledges that, in full compliance with Regulation (EU) 2016/679, the providers of European Digital Identity Wallets may access certain categories of personal data with the user’s explicit consent, such as in order to ensure continuity in the provision of wallet services or to protect users from disruptions in their provision.* That data should be limited to what is necessary for each specific purpose.’ * AM_Ple_LegStatOther (europa.eu) <https://www.europarl.europa.eu/doceo/document/A-9-2023-0038-AM-007-007_EN.pdf>
See wrt purpose previous work https://kantara.atlassian.net/wiki/spaces/archive/pages/3508491/MVCR+Purpose... https://kantara.atlassian.net/wiki/spaces/archive/pages/3508305/Appendix+CR+... https://kantara.atlassian.net/wiki/spaces/WA/pages/48727183?search_id=2f8df1... observability = transparency ? From: Tom Jones <thomasclinganjones@gmail.com> Sent: Friday, March 1, 2024 12:15 PM To: pemc kantara <Wg-pemc@kantarainitiative.org> Subject: [WG-PEMC] interesting view on observability and purpose from EU We now have new requirements - observability and purpose - it seems that the idea of a general purpose wallet has been effectively eliminated in the EU and by those states that mandate their own wallets for their own creds. Statement by the Commission on unobservability on the occasion of the adoption of Regulation 2024/... + The Commission welcomes the agreement reached, which in its view, confirms that this amending Regulation does not allow for the processing of personal data contained in or arising from the use of the European Digital Identity Wallet by the Wallet providers for other purposes than delivering wallet services. The Commission also welcomes the inclusion of the concept of unobservability in Recital (11c) of the draft amending Regulation, which should prevent wallet providers from collecting and seeing the details of user’s day-to-day transactions. The Commission is of the view that this concept means that there should not be correlation of data across different services for the purposes of user tracking or tracing or for determining, analysing and predicting personal behaviour, interests or habits. At the same time, the Commission acknowledges that, in full compliance with Regulation (EU) 2016/679, the providers of European Digital Identity Wallets may access certain categories of personal data with the user’s explicit consent, such as in order to ensure continuity in the provision of wallet services or to protect users from disruptions in their provision. That data should be limited to what is necessary for each specific purpose.’ AM_Ple_LegStatOther (europa.eu) <https://www.europarl.europa.eu/doceo/document/A-9-2023-0038-AM-007-007_EN.pdf>
participants (2)
-
Salvatore D'Agostino
-
Tom Jones