EDPB PUBLISHES GUIDELINES ON THE INTERPLAY OF THE SECOND PAYMENT SERVICE DIRECTIVE AND GDPR

22.07.2020

The European Data Protection Board (“EDPB”) adopted the Guidelines 06/2020 on the interplay of the Second Payment Services Directive (“PSD2”) and the GDPR on 17.07.2020.

The PSD2 which introduce a number of novelties in the payment service field, creates new opportunities for consumers and enhances transparency in such field. However, the application of the PSD2 raises certain questions and concerns in respect of the need that the data subjects remain in full control of their personal data.

As letters issued by EDPB regarding PSD2, this guideline addresses conditions for granting access to payment account information by account servicing payment service providers and for the processing of personal data by payment initiation service providers and account information service providers, including the requirements and safeguards in relation to the processing of personal data by payment initiation service providers and account information service providers for purposes other than the initial purposes for which the data have been collected, especially when they have been collected in the context of the provision of an account information service.

Moreover, the Guidelines is to addresses different notions of explicit consent under the PSD2 and the GDPR, the processing of ‘silent party data’, the processing of special categories of personal data by payment initiation service providers and account information service providers, the application of the main data protection principles set forth by the GDPR, including data minimisation, transparency, accountability and security measures.

You can read the full text of the Guidelines here.

Should you have any queries and/or remarks, please do not hesitate to contact us. 

Kind regards,

Zumbul Attorneys-at-Law

info@zumbul.av.tr