"The EDPS [ed. European Data Protection Supervisor] considers that the proposed Regulation should establish a minimum set of requirements, in particular with respect to the circumstances, formats and procedures associated to security as well as the criteria, conditions and requirements, including the determination of what constitutes the state of the art in terms of security for electronic trust services," it said.The world can always use more Transparency and Consent.
The watchdog said that if common security requirements are not to be set out in the new laws, then provision should be put in place to allow the European Commission to "define where needed, through a selective use of delegated acts or implementing measures, the criteria, conditions and requirements for security in electronic trust services and identification schemes".
Assistant EDPS Giovanni Buttarelli, who signed the opinion, said that the proposed new law should set out a requirement that trust service providers and electronic identification issuers should have to provide individuals who use their services with "appropriate information on the collection, communication, and retention of their data". He added that those organisations should also have to provide individuals with "a means to control their personal data and exercise their data protection rights".
Special attention for biometric data follows the section quoted above.
The pdf of the Supervisors report can be found here:
Opinion of the European Data Protection Supervisor on the Commission proposal for a Regulation of the European Parliament and of the Council on trust and confidence in electronic transactions in the internal market (Electronic Trust Services Regulation)