EDPB’s consultation on the interplay of the PSD2 and the GDPR: EBF response

18 September 2020

EBF has responsed to the European Data Protection Board’s (EDPB) consultation on the draft guidelines on the interplay of the PSD2 and GDPR. We welcome the EDPB’s efforts to clarify uncertainties that persist between these two essential legislative frameworks for the banking sector.

While there are elements which the draft Guidance clarifies, for example, the welcome confirmation that explicit consent under Article 94 PSD2 is different from (explicit) consent under GDPR, other elements are more worrying (e.g. proposals on data minimisation measures). In particular, EBF members are concerned on the lack of coherence in some cases with the provisions of PSD2 which could lead to creating further uncertainties instead of resolving existing ones and result, in some cases, a breach of legal obligations on the part of banks in their role as ASPSPs.

To realize the opportunities offered by the PSD2, ensure legal certainty for all parties and safeguard the protection of consumer data, we encourage the EDPB to consider the following:

EDPB’s consultation