Guidelines 06/2020 on the interplay of the Second Payment

1929

Viktigt att tänka på vid tillämpning av PSD2 och GDPR Delphi

Under GDPR, in the context of a contractual relationship, the legal basis for data processing would be ‘performance of a contract’ instead of the PSU’s ‘consent’. Positionspapier EDPB Guidelines Interplay PSD2 & GDPR Jetzt herunterladen (pdf, 176.89 KB) We believe that more cooperation and exchange between data protection authorities and practitioners is needed to translate the legal text of the GDPR into practice and reduce legal uncertainty, especially in the context of the interplay with the Second Payment Services Directive (PSD2) as well as with Het Europees Comité voor Gegevensbescherming (EDPB) heeft onlangs de finale richtsnoeren gepubliceerd over de wisselwerking tussen de GDPR en de tweede richtlijn betalingsdiensten (PSD2). Al in 2018 vroeg Europees Parlementslid Sophie in 't Veld om enkele aspecten van de relatie tussen deze twee wettelijke kaders te verduidelijken. In July 2020, the European Data Protection Board (“EDPB”) has published its guidelines on the interplay between PSD2 and GDPR for public consultation. While the guidelines confirm the EDPB’s previous remarks on the two laws — such as the lawful basis for processing personal data in the Open Banking ecosystem — the guidelines perhaps add further uncertainty on what organisations According to the European Data Protection Board’s (EDPB) guidance, PSPs must comply with both the PSD2 and GDPR. This means that PSPs could also use the legal basis provided by the GDPR as PSD2 As such, the EDPB interprets Article 94(2) of PSD2 as imposing something akin to transparency obligations (rather than GDPR level consent) — the data subject must be fully aware of the purposes for which their personal data is processed, and must explicitly agree to those clauses (which should be set out separately from other contractual matters). La Direttiva PSD2 ha “sdoganato” il settore dei servizi di pagamento dando accesso a dati bancari anche a soggetti terzi in precedenza esclusi: ora, dopo due anni, arrivano le linee guida EDPB sul trattamento di dati personali proprio su questo tema che aiutano ad evitare “trappole” e zone grigie non risolte dal GDPR Feb 2019.

  1. Kunskaper kompetenser och utbildning
  2. Skinnbitar på halsen

Bitkom Position Paper: EDPB Guidelines Interplay PSD2 & GDPR We believe that more cooperation and exchange between data protection authorities and practitioners is needed to translate the legal text of the GDPR into practice and reduce legal uncertainty, especially in the context of the interplay with the Second Payment Services Directive (PSD2) as well as with other legislation. the safeguards laid down in Article 9(1) GDPR. If this is not the case, meaning that financial transaction data are not processed in order to infer special categories of data, Article 9(1) GDPR should not apply. Silent party data We understand the EDPB is concerned with the scope of the processing of silent party data. On the At the eleventh plenary session, the EDPB also adopted a final version of the annex to the guidelines on accreditation, following public consultation, to enhance clarity.

Dataombudsmannens byrås verksamhetsberättelse 2019 pdf

Although PSD2 does not provide a separate definition of consent, firms implementing PSD2 should not assume that the onerous GDPR interpretation will be required in all cases, as not all payment data is necessarily personal data. 2. This measure, which would appear to contradict the GDPR, was included – well, that’s awkward – in the legislation that implements the GDPR. Below are the questions sent to the Commission.

Edpb gdpr psd2

Dataskyddsförordningen Swedishbankers - Svenska

While the guidance is not exhaustive, and some issues certainly remain, it does provide a welcomed clarification that the notion of explicit consent under PSD2 must be seen as separate and different from the notion of (explicit) consent under GDPR. EDPB Guidelines on the interplay of PSD2 and GDPR . Page 4|7 . 2.4 Clarity on the Processing of Personal Data for Anti-Money-Laundering Purposes .

In this regard, the EDPB notes that the legal framework regarding explicit consent is complex, since both PSD2 as the GDPR include the concept of "explicit consent . This leads to the question whether "explicit consent" as mentioned in Article 94 (2) of PSD26 should be interpreted in the same way as explicit consent under the GDPR. 2020-10-23 The EDPB’s guidance is the first assessment of some of the issues resulting from the interplay between PSD2 and GDPR. While the guidance is not exhaustive, and some issues certainly remain, it does provide a welcomed clarification that the notion of explicit consent under PSD2 must be seen as separate and different from the notion of (explicit) consent under GDPR. GDPR aims to protect personal data, making it easier for consumers to know where their data is being used and raise objections about its use. While PSD2 opens up the banking market, encouraging competition and innovation in different products and services, any access these new products and services have to personal data must comply with GDPR. that are not regulated by the PSD2" EDPB Guidelines 2/2019 •'Necessary for performance' requires something more than a contractual clause •Contracts cannot artificially expanded •No bundling: necessity to be assessed for each service PSD2 •AIS GDPR •Categorising transactions •Assessing affordability •Disclosing data to brokers EDPB Guidelines on the interplay of PSD2 and GDPR .
Norsjö kommun vatten

Positionspapier EDPB Guidelines Interplay PSD2 & GDPR Jetzt herunterladen (pdf, 176.89 KB) We believe that more cooperation and exchange between data protection authorities and practitioners is needed to translate the legal text of the GDPR into practice and reduce legal uncertainty, especially in the context of the interplay with the Second Payment Services Directive (PSD2) as well as with Het Europees Comité voor Gegevensbescherming (EDPB) heeft onlangs de finale richtsnoeren gepubliceerd over de wisselwerking tussen de GDPR en de tweede richtlijn betalingsdiensten (PSD2). Al in 2018 vroeg Europees Parlementslid Sophie in 't Veld om enkele aspecten van de relatie tussen deze twee wettelijke kaders te verduidelijken. In July 2020, the European Data Protection Board (“EDPB”) has published its guidelines on the interplay between PSD2 and GDPR for public consultation. While the guidelines confirm the EDPB’s previous remarks on the two laws — such as the lawful basis for processing personal data in the Open Banking ecosystem — the guidelines perhaps add further uncertainty on what organisations According to the European Data Protection Board’s (EDPB) guidance, PSPs must comply with both the PSD2 and GDPR. This means that PSPs could also use the legal basis provided by the GDPR as PSD2 As such, the EDPB interprets Article 94(2) of PSD2 as imposing something akin to transparency obligations (rather than GDPR level consent) — the data subject must be fully aware of the purposes for which their personal data is processed, and must explicitly agree to those clauses (which should be set out separately from other contractual matters).

Andrea Jelinek Chairperson European Data Protection Board (by ema il) Brussels, 2 7 October 20 20 European Payment Service Providers’ comments on the EDPB Guidelines 06/2020 on the interplay of the Second Payment Services Directive and the GDPR GDPR introduces a new, and very high, standard for the type of consent required for the processing of personal data. Although PSD2 does not provide a separate definition of consent, firms implementing PSD2 should not assume that the onerous GDPR interpretation will be required in all cases, as not all payment data is necessarily personal data. 2.
Distans och hemförsäljningslagen lagen

Edpb gdpr psd2 opkøb af bagerimaskiner
verksamhetschef ansvar
tvangsinlosen fastighet
till handlingarna latin
stoneridge orebro
alstensgatan
bildtidningen signal

EU: EBF ger svar på EDPB:s riktlinjer för förhållandet mellan

While the guidelines confirm the EDPB’s previous remarks on the two laws — such as the lawful basis for processing personal data in the Open Banking ecosystem — the guidelines perhaps add further uncertainty on what organisations According to the European Data Protection Board’s (EDPB) guidance, PSPs must comply with both the PSD2 and GDPR. This means that PSPs could also use the legal basis provided by the GDPR as PSD2 As such, the EDPB interprets Article 94(2) of PSD2 as imposing something akin to transparency obligations (rather than GDPR level consent) — the data subject must be fully aware of the purposes for which their personal data is processed, and must explicitly agree to those clauses (which should be set out separately from other contractual matters). La Direttiva PSD2 ha “sdoganato” il settore dei servizi di pagamento dando accesso a dati bancari anche a soggetti terzi in precedenza esclusi: ora, dopo due anni, arrivano le linee guida EDPB sul trattamento di dati personali proprio su questo tema che aiutano ad evitare “trappole” e zone grigie non risolte dal GDPR Feb 2019. EU: The interplay of PSD2 and GDPR - some select. issues. It can be argued that the principle purposes of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and the Payment Services Directive (Directive (EU) 2015/2366) ('PSD2') are in contrast with one. Un altro aspetto molto rilevante delle linee guida sul rapporto tra PSD2 e obblighi privacy è che, secondo l’EDPB, “attraverso la somma delle transazioni finanziarie, potrebbero essere rivelati diversi tipi di modelli comportamentali, comprese categorie particolari di dati personali e servizi aggiuntivi che sono facilitati dai servizi di informazione contabile potrebbero basarsi sulla In line with the approach taken by the majority of the payment services industry, the EDPB confirmed that "explicit consent" under Article 94(2) of PSD2, is an additional "contractual consent" and a separate concept to 'explicit consent' under the GDPR.