EDSA: defi­ni­ti­ve gui­dance on the rela­ti­on­ship bet­ween PSD II and the GDPR.

Direc­ti­ve 2015/2366 of 25 Novem­ber 2015 on payment ser­vices in the inter­nal mar­ket […] (Second Payment Ser­vices Direc­ti­ve, Second Payment Ser­vices, PSD II or PSD2; to be imple­men­ted by the mem­ber sta­tes by Janu­ary 13, 2018; in Ger­ma­ny by the Payment Ser­vices Super­vi­si­on Act) is inten­ded, among other things, to impro­ve the offe­ring in the EU retail payments mar­ket for con­su­mers and to estab­lish hig­her secu­ri­ty stan­dards for online payments. Howe­ver, it also affects new pro­vi­ders (so-cal­led third par­ty payment ser­vice pro­vi­ders, TPPs), e.g., payment initia­ti­on ser­vice pro­vi­ders (“PISPs”) and account infor­ma­ti­on ser­vice pro­vi­ders (“AISPs”). Banks will be requi­red to set up inter­faces through which third-par­ty ser­vice pro­vi­ders can access bank cus­to­mers’ payment accounts (“open banking”).

In Switz­er­land, PSD II does not app­ly (not even to cross-bor­der payments from the EEA to Switz­er­land and vice ver­sa; howe­ver, this is pro­ba­b­ly dif­fe­rent for con­su­mer con­tracts with cus­to­mers in the EEA) and the Swiss Ban­kers Asso­cia­ti­on has oppo­sed the intro­duc­tion of a cor­re­spon­ding regu­la­ti­on.

The PSD II con­ta­ins seve­ral Pro­vi­si­ons on data secu­ri­ty and data pro­tec­tion, the que­sti­ons in the Inter­ac­tion with the GDPR The new law rai­ses a num­ber of issues, such as the pro­vi­si­on that payment initia­ti­on and account infor­ma­ti­on ser­vice pro­vi­ders may not misu­se data, or the requi­re­ment that payment ser­vice pro­vi­ders retrie­ve, pro­cess, and store per­so­nal data neces­sa­ry for payment ser­vices only with the “expli­cit con­sent” of the payment ser­vice user.

On the­se issues, the Euro­pean Data Pro­tec­tion Com­mit­tee (EDSA) has now published the second ver­si­on of the Gui­de­lines (Gui­de­lines 06/2020 on the inter­play of the Second Payment Ser­vices Direc­ti­ve and the GDPR, ver­si­on 2.0, Decem­ber 15, 2020.) published (accor­ding to the draft ver­si­on of July 22, 2020).




Rela­ted articles