Art. 94 PSD2 is fundamental for the data protection framework regulating the activities of payment service providers. The approach under the PSD2 towards data protection is driven by broad considerations of coherence and consistency of data protection rules across the EU. Art. 94 PSD2 reflects this stance: while Art. 94 (1) PSD2 includes an explicit reference and a requirement to ensure data processing in accordance with the GDPR, Art. 94 (2) PSD2 complements the framework by borrowing the ‘explicit consent’ requirement to access, process and retain personal data necessary for the provision of payment services. The PSD2 and the GDPR requirements, however, are not identical, and hence have raised a number of questions about potential conflicts, overlaps, the effectiveness of the rules and their practical implications for the industry. This chapter analyses the questions relative to the implementation of Art. 94 PSD2, including its interplay with the GDPR, and discusses the practical implications of the PSD2 requirements encrusted onto the horizontal EU framework for data protection under the GDPR.
You are not authenticated to view the full text of this chapter or article.
Get access to the full article by using one of the access options below.