The Interaction Between Directive 2015/2366 (EU) on Payment Services (PSD2) and Regulation (EU) 2016/679 on General Data Protection (GDPR) Concerning Third Party Players

Abstract

There has been some concern with the overlap between Directive 2015/2366 (EU) on Payment Services (PSD2) and Regulation (EU) 2016/679 on General Data Protection (GDPR) and how financial institutions can balance these two regulations. The perspective behind each regulation is very different. PSD2 establishes access to personal data and permits its sharing, while GDPR operates to regulate and safeguard it. This raises complex compliance considerations on how to apply those regulations together, especially concerning TPPs, and how they can balance innovation and data protection. This article hopes to explore the questions raised above on how to balance GDPR and PSD2 in the context of TPPs. The study is based on the doctrinal method.