{"id":670,"date":"2020-09-28T16:15:13","date_gmt":"2020-09-28T15:15:13","guid":{"rendered":"https:\/\/psd2meniet.nl\/?p=670"},"modified":"2020-09-28T16:15:15","modified_gmt":"2020-09-28T15:15:15","slug":"onze-reactie-op-de-richtlijnen-over-psd2gdpr","status":"publish","type":"post","link":"https:\/\/psd2meniet.nl\/en\/onze-reactie-op-de-richtlijnen-over-psd2gdpr\/","title":{"rendered":"Our response to the PSD2&amp;GDPR guidelines"},"content":{"rendered":"<p>The European Data Protection Board (EDPB) <a rel=\"noreferrer noopener\" href=\"https:\/\/edpb.europa.eu\/our-work-tools\/public-consultations-art-704\/2020\/guidelines-062020-interplay-second-payment-services_en\" target=\"_blank\">gave the opportunity<\/a> to provide feedback on their draft guidelines on the relationship between the PSD2 Directive and the General Data Protection Regulation (GDPR). We have of course made use of this. The better the guidelines, the better data will be protected by providers of PSD2 services.<\/p>\n\n\n\n<p>The purpose of the guidelines is to provide payment service providers with more clarity about the way in which they can process personal data. The guidelines focus, among other things, on consent, data minimisation, security and transparency. The EDPB also pays ample attention to 'special categories of personal data'.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">39 parties commented...<\/h2>\n\n\n\n<p>In total, <a rel=\"noreferrer noopener\" href=\"https:\/\/edpb.europa.eu\/our-work-tools\/public-consultations-art-704\/2020\/guidelines-062020-interplay-second-payment-services_en\" target=\"_blank\">39 parties<\/a> gave their comments on the guidelines. The comments immediately show how difficult the PSD2 is to set up. Apples are regularly compared with pears. The fact that certain concepts are not clear is cause for concern. 
We therefore hope that the EDPB will soon come up with better guidelines.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">...and sometimes get in each other's way.<\/h2>\n\n\n\n<p>We focus on the account information service providers (AISPs). An AISP is a provider of a service that allows you to view your bank details in a 'consolidated view'. For example, a combined overview of three banks in one view. This is quite different from a service that deals with payments, the payment initiation services (PISPs). Unfortunately, rules for PISPs and AISPs are also mixed up in the guidelines. As a result, the complex matter remains rather... complex.<\/p>\n\n\n\n<p>One of the tricky things about the PSD2 is that different payment services are included in one directive. As a result, measures that are good for protecting privacy in one case may be unnecessary in the other. An example of this is transactions of special personal data, such as a donation or membership fee from a trade union or political party. The fact that data is required for a payment made by a PISP is rather obvious. But in their reactions, PISPs indicate that the EDPB is making things far too difficult for them: get rid of those rules! For us, the rules do not go far enough, because we see risks in processing by AISPs. We have to be careful not to throw the baby out with the bathwater.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Moments when risks arise are insufficiently protected<\/h2>\n\n\n\n<p>With account information services, privacy risks can arise at two points in time. The first is as soon as an AISP engages other parties to process the data. For example, when the AISP engages a third party to categorise the data. The second moment where risks arise is when an AISP offers additional services. 
Think of offers based on your payment behaviour, but also budget management or links with other files.<\/p>\n\n\n\n<p>If credit orders or risk assessors are involved in these processes, there is a good chance that your details will somehow be added to your profile. It is not for nothing that Privacy First is one of the parties conducting <a rel=\"noreferrer noopener\" href=\"https:\/\/privacyfirst.nl\/aandachtsvelden\/online-privacy\/item\/1202-the-privacy-collective-daagt-oracle-en-salesforce-voor-de-rechter.html\" target=\"_blank\">a lawsuit<\/a>!<\/p>\n\n\n\n<p>One of the ways to prevent your data from being incorrectly processed when using an account information service is to filter it. This can be done with the PSD2-me-not filter. But filtering is like cursing in church for PISPs, so there is still a lot of work to be done. We continue to highlight our solutions, and have now found 38 parties to approach.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Read our input here<\/h2>\n\n\n\n<div class=\"wp-block-file\"><a href=\"https:\/\/psd2meniet.nl\/wp-content\/uploads\/2020\/09\/20200915-Privacy-First-Foundation-Feedback-on-Guidelines-06-2020-v1.pdf\">Feedback guidelines<\/a><a href=\"https:\/\/psd2meniet.nl\/wp-content\/uploads\/2020\/09\/20200915-Privacy-First-Foundation-Feedback-on-Guidelines-06-2020-v1.pdf\" class=\"wp-block-file__button\" download>Download<\/a><\/div>\n\n\n\n<div class=\"wp-block-file\"><a href=\"https:\/\/psd2meniet.nl\/wp-content\/uploads\/2020\/09\/20200915-Privacy-First-Feedback-Richtlijnen-06-2020-v1.pdf\">Response to the guidelines (NL)<\/a><a href=\"https:\/\/psd2meniet.nl\/wp-content\/uploads\/2020\/09\/20200915-Privacy-First-Feedback-Richtlijnen-06-2020-v1.pdf\" class=\"wp-block-file__button\" download>Download<\/a><\/div>","protected":false},"excerpt":{"rendered":"<p>The European Data Protection Board (EDPB) gave the opportunity to give feedback on their draft guidelines on the ... 
<\/p>\n<div><a href=\"https:\/\/psd2meniet.nl\/en\/onze-reactie-op-de-richtlijnen-over-psd2gdpr\/\" class=\"more-link\">Read More<\/a><\/div>","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"featured_image_urls_v2":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","trp-custom-language-flag":"","post-thumbnail":"","entry":"","entry-cropped":"","entry-fullwidth":"","entry-cropped-fullwidth":""},"post_excerpt_stackable_v2":"<p>The European Data Protection Board (EDPB) gave the opportunity to provide feedback on their draft guidelines on the relationship between the PSD2 Directive and the General Data Protection Regulation (GDPR). We have of course made use of this. The better the guidelines, the better data will be protected by providers of PSD2 services. The purpose of the guidelines is to provide payment service providers with more clarity about the way in which they can process personal data. The guidelines focus, among other things, on consent, data minimisation, security and transparency. 
The EDPB also pays ample attention to &#8216;special categories of personal data.&#8217; 39 parties commented&#8230; In total&hellip;<\/p>\n","category_list_v2":"<a href=\"https:\/\/psd2meniet.nl\/en\/category\/nieuws\/\" rel=\"category tag\">nieuws<\/a>","author_info_v2":{"name":"Martijn van der Veen","url":"https:\/\/psd2meniet.nl\/en\/author\/martijn\/"},"comments_num_v2":"1 comment","_links":{"self":[{"href":"https:\/\/psd2meniet.nl\/en\/wp-json\/wp\/v2\/posts\/670"}],"collection":[{"href":"https:\/\/psd2meniet.nl\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/psd2meniet.nl\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/psd2meniet.nl\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/psd2meniet.nl\/en\/wp-json\/wp\/v2\/comments?post=670"}],"version-history":[{"count":3,"href":"https:\/\/psd2meniet.nl\/en\/wp-json\/wp\/v2\/posts\/670\/revisions"}],"predecessor-version":[{"id":675,"href":"https:\/\/psd2meniet.nl\/en\/wp-json\/wp\/v2\/posts\/670\/revisions\/675"}],"wp:attachment":[{"href":"https:\/\/psd2meniet.nl\/en\/wp-json\/wp\/v2\/media?parent=670"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/psd2meniet.nl\/en\/wp-json\/wp\/v2\/categories?post=670"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/psd2meniet.nl\/en\/wp-json\/wp\/v2\/tags?post=670"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}