PSD2-GDPR guidelines in consultation | EDPB

During its 34th plenary session, the EDPB adopted draft Guidelines on the interplay between the second Payment Services Directive (PSD2) and the GDPR, read this press release, where they say:

The EDPB adopted Guidelines on the second Payment Services Directive (PSD2). PSD2 modernises the legal framework for the payment services market. Importantly, PSD2 introduces a legal framework for new payment initiation services (PISP) and account information services (AISP). Users can request that these new payment service providers are granted access to their payment accounts. Following a stakeholders workshop in February 2019, the EDPB developed Guidelines on the application of the GDPR to these new payment services.

The Guidelines point out that in this context the processing of special categories of personal data is generally prohibited (in line with Article 9 (1) GDPR), except when explicit consent is given by the data subject (Article 9 (2) (a) GDPR) or processing is necessary for reasons of substantial public interest (Article 9 (2) (g) GDPR).

The Guidelines also address conditions under which Account Servicing Payment Service Providers (ASPSPs) grant access to payment account information to PISPs and AISPs, especially granular access to payment accounts.

The Guidelines clarify that neither Article 66 (3) (g) nor Article 67 (2) (f) of the PSD2 allow for any further processing, unless the data subject has given consent pursuant to Article 6 (1) (a) of the GDPR or the processing is laid down by Union law or Member State law. The Guidelines will be submitted for public consultation.

The consultation on the draft Guidelines has started on 22 July, read the announcement. The consultation will end on 16 September 2020.


All PSD2-posts on this blog.

Over Ellen Timmer, advocaat ondernemingsrecht @Pellicaan

Verbonden aan Pellicaan Advocaten,, kantoor Rotterdam, telefoon 088-6272287, fax 088-6272280, e-mail ||| Weblogs: algemeen: || modernisering ondernemingsrecht: ||| Motto: goede bedoelingen rechtvaardigen geen slechte regels
Dit bericht werd geplaatst in English - posts in English on this blog, Europa, Financieel recht, onder meer Wft, Wtt, Fraude, witwasbestrijding, Wwft, ICT, privacy, e-commerce en getagged met , , , . Maak dit favoriet permalink.

Geef een reactie

Vul je gegevens in of klik op een icoon om in te loggen. logo

Je reageert onder je account. Log uit /  Bijwerken )


Je reageert onder je Twitter account. Log uit /  Bijwerken )

Facebook foto

Je reageert onder je Facebook account. Log uit /  Bijwerken )

Verbinden met %s