FAQs

We are not against the PSD2, but we are against legislation that could have negative effects on the protection of privacy. The use of payment data for new services and from providers other than banks can be positive. It is unfortunate that a law that aims to make innovation possible does not take sufficient account of possible side effects. With our activities around PSD2 we try to reduce the risks.

Contact us via the contact page or info@privacyfirst.nl.

PSD2 is seen by many as disruptive, in which existing structures will change completely. The interests of both new entrants and existing players are large. The Netherlands has a relatively large financial sector for the size of the country. Standard&Poors 2019 S&P Global Market Intelligence ranked ING Group as the largest Dutch bank in 25th place, followed by Rabobank in 46th place. The Chinese Industrial and Commercial bank of Chine is four times the size of ING. However, the figures are distorted. Consumer accounts are relevant for AISPs. Many banks are (also) commercial banks, or focus on high net-worth clients, which means that the number of 'ordinary consumers' does not have to grow in proportion to the size of the balance sheet total. ( https://en.wikipedia.org/wiki/List_of_largest_banks)

The PSD2-me-not register should provide a technical solution as a guarantee against those unwanted benefits. Because parties will need to know what data they need to filter, registration of that data will be necessary. Compare it with the don't-call-me register where you have to register your number in order to be filtered.

It is not yet known when the register will start. We are now working out the concept and turning it into a working model, a Proof of Concept. With this we want to show the financial sector and politicians why a PSD2-me-not register should be created and what it could look like. Ultimately, the register will have to be supported by the financial sector.

The newsletters use simple tracking because we want to know how the newsletters are read. We have set up the mail program in such a way that tracking, but no personal results are visible (see option 2 on this page). We only see aggregated results and individual actions are not visible.

With this setting, we don't see results on a personal level, or that certain people never open a newsletter, or that certain people do; so for example, we still see how many times a link has been clicked, but no longer who exactly did so.

You give permission per account information service. Your consent must always apply to a specific processing and a specific purpose and (logically) of a specific provider. If you give permission, this is not a generic permission to all providers.

An account information service follows a kind of two-stage rocket. First, you conclude a contract with the account information service provider. After that, you purchase an account information service from that service provider. You can compare this with a contract that you conclude with an insurance company. First you become a customer, then you take out car insurance. Then you apply for building insurance and household contents insurance, and if you go on holiday, additional travel insurance. If you take out an insurance with another insurer, you will also have to take out a contract. It is therefore not the case that your permission applies to all forms and providers of account information services.