On 1 February, the EACB joined eight other EU payments sector associations in co-signing a letter addressed to the European Data Protection Board, the European Commission, and the European Banking Authority about the final EDPB Guidelines on the interplay of PSD2 and GDPR.
While the co-signatories appreciate that the final Guidelines make a step forward to clarifying certain aspects of the interplay, other elements remain more worrying and raise new uncertainties, notably the provisions on data minimization, the processing of special categories of personal data (SCPD), a lack of coherence with the Regulatory Technical Standards on Strong Customer Authentication and Common and Secure Communication (RTS on SCA & CSC), the risk that national Data Protection Authorities (DPAs) could start taking a differentiated approach to the interpretation of the provisions, resulting in fragmentation across the EU.
The EACB together with the other eight associations (i.e., EBF, ESBG, EAPB, ETPPA, EPIF, PE, EFA, and EMA) ask to continue the discussion between all relevant institutions and stakeholders in the GDPR-PSD2 ecosystem to address the above challenges and provide legal certainty for all actors to enable them to meet their obligations and continue to provide services for their customers.