The updated Payment Services Directive (PSD2) regulates payment services providers throughout the EU. The update’s purposes were to harmonize consumer protection and increase competition and innovation in the payment market by allowing non-banks to participate. Whereas many are struggling with PSD2 compliance, some banks and new market entrants are making quick strides. While consumers are mostly interested in the convenience of new payment apps, threats to security and informational privacy may be looming. Which practical consequences of PSD2 for personal data protection can we expect? Some new entrants are large platforms eager to expand data-driven services with highly valuable information on consumer-spending. Could one consequence of PSD2 be the accumulation of more types of personal data in the same hands?
- How to provide transparency on (legally required) algorithmic credit assessments?
- Considering competitive pressures but also competition and data protection legislation, which data can and should be shared with whom?