The obligations arising from the PSD2 and their interplay with GDPR's are a backbone of Fintech Giulio Coraggio Follow on Twitter Send an email August 14, 2020 The Fintech revolution relies on data flows enhanced by the PSD2, which requires certainty now aimed by the European Data Protection Board guidelines on the interplay between the PSD2 and the GDPR, which leave gray areas though.

Apr 11, 2019 An exploration of the notion of consent in PSD2 and GDPR 27 EDPB, 'Letter regarding PSD2 directive' (EDPB, 84-2018, 5 July 2018)

PSD2-GDPR guidelines in consultation | EDPB Geplaatst op 3 augustus 2020 door Ellen Timmer, advocaat ondernemingsrecht @Pellicaan During its 34th plenary session, the EDPB adopted draft Guidelines on the interplay between the second Payment Services Directive (PSD2) and the GDPR, read this press release , where they say: GDPR introduces a new, and very high, standard for the type of consent required for the processing of personal data. Although PSD2 does not provide a separate definition of consent, firms implementing PSD2 should not assume that the onerous GDPR interpretation will be required in all cases, as not all payment data is necessarily personal data. 2. Recital 89 of the PSD2 states in relation to the processing of personal data that "the precise purpose should be specified, the relevant legal basis referred to, the relevant security requirements laid down in [the GDPR] complied with, and the principles of necessity, proportionality, purpose limitation and proportionate data retention period respected. Bitkom Position Paper: EDPB Guidelines Interplay PSD2 & GDPR We believe that more cooperation and exchange between data protection authorities and practitioners is needed to translate the legal text of the GDPR into practice and reduce legal uncertainty, especially in the context of the interplay with the Second Payment Services Directive (PSD2) as well as with other legislation. the safeguards laid down in Article 9(1) GDPR.

Edpb gdpr psd2

2. Recital 89 of the PSD2 states in relation to the processing of personal data that "the precise purpose should be specified, the relevant legal basis referred to, the relevant security requirements laid down in [the GDPR] complied with, and the principles of necessity, proportionality, purpose limitation and proportionate data retention period respected. Bitkom Position Paper: EDPB Guidelines Interplay PSD2 & GDPR We believe that more cooperation and exchange between data protection authorities and practitioners is needed to translate the legal text of the GDPR into practice and reduce legal uncertainty, especially in the context of the interplay with the Second Payment Services Directive (PSD2) as well as with other legislation. the safeguards laid down in Article 9(1) GDPR. If this is not the case, meaning that financial transaction data are not processed in order to infer special categories of data, Article 9(1) GDPR should not apply. Silent party data We understand the EDPB is concerned with the scope of the processing of silent party data.

BRUSSELS, 28 October 2020 – The EBF, together with a number of other industry associations representing Payment Service Providers, have sent a joint industry letter to the Europea Data Protection Board (EDPB) on the planned EDPB Guidelines on the interplay between the second Payment Services Directive (PSD2) and the General Data Protection Regulation (GDPR).

Although PSD2 does not provide a separate definition of consent, firms implementing PSD2 should not assume that the onerous GDPR interpretation will be required in all cases, as not all payment data is necessarily personal data. 2. This measure, which would appear to contradict the GDPR, was included – well, that’s awkward – in the legislation that implements the GDPR. Below are the questions sent to the Commission.

PSD2 and GDPR: EDPB offers clarity – but is it enough? The second Payment Services Directive (PSD2) includes requirements in relation to the processing of data, but they do not work very well in conjunction with the General Data Protection Regulation (GDPR).

Det så kallade PSD2-direktivet reglerar betaltjänster inom EES. L’EPB ha pubblicato la versione definitiva delle linee guida volte a regolare il rapporto tra la normativa sui pagamenti PSD2 e il regolamento sulla data protection GDPR: ecco cosa cambia dopo la messa in consultazione e l’approvazione finale del documento. 11 Gen 2021. PSD2 and GDPR: EDPB offers clarity – but is it enough? The second Payment Services Directive (PSD2) includes requirements in relation to the processing of data, but they do not work very well in conjunction with the General Data Protection Regulation (GDPR).

As recognized by the EDPB Guidelines, all PISPs and AISPs are obliged entities under Art. 3(2) of the AML Directive. As such, TPPs have the legal obligation to process personal data when applying The obligations arising from the PSD2 and their interplay with GDPR's are a backbone of Fintech Giulio Coraggio Follow on Twitter Send an email August 14, 2020 The Fintech revolution relies on data flows enhanced by the PSD2, which requires certainty now aimed by the European Data Protection Board guidelines on the interplay between the PSD2 and the GDPR, which leave gray areas though. PSD2 and GDPR: EDPB offers clarity – but is it enough?
Gotene lediga jobb

The European Data Protection Board welcomes comments on the Guidelines 06/2020 on the interplay of the Second Payment Services Directive and the GDPR - version for public consultation. Such comments should be sent by September 16th at the latest using the provided form. Please note that, by submitting your The EDPB’s guidance is the first assessment of some of the issues resulting from the interplay between PSD2 and GDPR.

There’s also little guidance at this point, so there’s no clear path forward. One consideration is the potential fines of non-compliance. GDPR is a Regulation and failures have GDPR and PSD2 are two legal initialisms that have both generated a great deal of press coverage in recent months, but they are seldom considered together.
Maria nilsson stockholm

2020-10-23

Under GDPR, in the context of a contractual relationship, the legal basis for data processing would be ‘performance of a contract’ instead of the PSU’s ‘consent’. Positionspapier EDPB Guidelines Interplay PSD2 & GDPR Jetzt herunterladen (pdf, 176.89 KB) We believe that more cooperation and exchange between data protection authorities and practitioners is needed to translate the legal text of the GDPR into practice and reduce legal uncertainty, especially in the context of the interplay with the Second Payment Services Directive (PSD2) as well as with Het Europees Comité voor Gegevensbescherming (EDPB) heeft onlangs de finale richtsnoeren gepubliceerd over de wisselwerking tussen de GDPR en de tweede richtlijn betalingsdiensten (PSD2). Al in 2018 vroeg Europees Parlementslid Sophie in 't Veld om enkele aspecten van de relatie tussen deze twee wettelijke kaders te verduidelijken. In July 2020, the European Data Protection Board (“EDPB”) has published its guidelines on the interplay between PSD2 and GDPR for public consultation. While the guidelines confirm the EDPB’s previous remarks on the two laws — such as the lawful basis for processing personal data in the Open Banking ecosystem — the guidelines perhaps add further uncertainty on what organisations According to the European Data Protection Board’s (EDPB) guidance, PSPs must comply with both the PSD2 and GDPR. This means that PSPs could also use the legal basis provided by the GDPR as PSD2 As such, the EDPB interprets Article 94(2) of PSD2 as imposing something akin to transparency obligations (rather than GDPR level consent) — the data subject must be fully aware of the purposes for which their personal data is processed, and must explicitly agree to those clauses (which should be set out separately from other contractual matters).

The EDPB opines that explicit consent under the PSD2 is different from explicit consent under the GDPR. Explicit consent under the PSD2 is a contractual requirement so that the service provider can access and conduct subsequent processing and storage of personal data in order to provide payment services.

In line with the approach taken by the majority of the payment services industry, the EDPB confirmed that "explicit consent" under Article 94(2) of PSD2, is an additional "contractual consent" and a separate concept to 'explicit consent' under the GDPR. that are not regulated by the PSD2" EDPB Guidelines 2/2019 •'Necessary for performance' requires something more than a contractual clause •Contracts cannot artificially expanded •No bundling: necessity to be assessed for each service PSD2 •AIS GDPR •Categorising transactions •Assessing affordability •Disclosing data to brokers The EDPB also considers that the lawful basis to process personal data under the GDPR would be the contractual necessity (not GDPR consent).

Consequently, and from a practical perspective, when implementing the PSD2, PSPs will have to build an explicit consent mecha- Both PSD2 and the GDPR are complex legislation and the relationship between distinct provisions of each law and how they work together is not altogether clear, which has led to uncertainty for payment service providers, including banks. For example, when is “consent” required to access payment data and what does consent mean? Both PSD2 and the GDPR are complex legislation and the relationship between distinct provisions of each law and how they work together is not altogether clear, which has led to uncertainty for payment service providers, including banks. For example, when is “consent” required to access payment data and what does consent mean? PSD2 aims to create access to personal data while GDPR aims to protect it. When properly implemented in harmony, the legislation can enable banks to better protect and serve consumers, move beyond compliance and seize new opportunities for growth.