Joint Payments Industry Letter on Final EDPB Guidelines PSD2 GDPR Interplay
BRUSSELS, 1 February 2022 – The EBF, together with a number of EU payment sector associations, has written to the European Data Protection Board, the European Commission and the European Banking Authority regarding the EDPB Guidelines on the Interaction between PSD2 and GDPR. The letter highlights that while the payments sector remains fully committed to ensuring the protection of EU citizen’s data- including within the framework of PSD2 – there are concerns that the enforcement of the Guidelines will lead to an outcome that is not in line with PSD2 objectives, therefore hindering innovation and competition in payments.
While the final Guidelines help in clarifying certain aspects of the interplay,
- Elements such as the provisions on data minimization raise concern and new uncertainties;
- There is still lack of coherence with the Regulatory Technical Standards on Strong Customer Authentication and Common and Secure Communication (RTS on SCA & CSC);
- There are resulting concerns that national Data Protection Authorities could start taking a differentiated approach to the interpretation of the provisions, resulting in fragmentation across the EU and adding to a growing trend when it comes to GDPR implementation.
Liga Semane, Policy Adviser, Innovation & Data, email@example.com
Anni Mykkanen, Senior Adviser, Payments & Innovation, firstname.lastname@example.org
About the EBF:
The European Banking Federation is the voice of the European banking sector, bringing together national banking associations from across Europe. The EBF is committed to a thriving European economy that is underpinned by a stable, secure and inclusive financial ecosystem, and to a flourishing society where financing is available to fund the dreams of citizens, businesses and innovators everywhere.