The Interaction Between Directive 2015/2366 (EU) on Payment Services and Regulation (EU) 2016/679 on General Data Protection Concerning Third Party Players

• Author: Dilja Helgadottir
• Position: LL.M. Candidate at Duke University School of Law on a Merit Scholarship
• Pages: 199-224

© 2020 Dilja Helgadottir and Dublin University Law Society

THE INTERACTION BETWEEN DIRECTIVE

2015/2366 (EU) ON PAYMENT SERVICES AND

REGULATION (EU) 2016/679 ON GENERAL DATA

PROTECTION CONCERNING THIRD PARTY

PLAYERS

DILJA HELGADOTTIR

*

Introduction

Payment, credit, and debit cards are the most widely used payment

instruments in Europe.

1

Their introduction in the 1980s and 1990s was a

breakthrough in payment intermediation that increased security,

efficiency, and convenience for consumers and businesses. To date, fintech

payment solutions have made the way we transfer money more

convenient than ever. They have, among other things, extended the

traditional functionality of payment cards to mobile phones to carry out

transfers between individuals. In some cases, it is possible to use a mobile

phone to pay a merchant directly, provided the merchant has additional

equipment available to receive the transaction.

The first European Rules on Payment Services were implemented in

Europe by the Directive of the European Parliament and the Council of 13

November 2007 on payment services in the internal market 2007/64/EC.

2

*Dilja Helgadottir is an LL.M. Candidate at Duke University School of Law on a Merit

Scholarship. She received her first law degree, BA in Law, with first-class honours from

Reykjavik University in 2017. She received Master of Laws with the highest honours,

Summa Cum Laude, from Reykjavik University in 2019. Interested in international business

law, European law, and bankruptcy law, she has published four peer-reviewed publications

during her studies. The author is indebted to Professor Dr. Margret Einarsdottir for her

inspiring teaching at Reykjavik University, which has fostered the author's interest in

developments in European law. The author would also like to thank Professor Lee Reiners

for his insights and discussions on matters in Fintech during her studies at Duke University

School of Law.

1

Elena Beccalli, IT and European Bank Performance (Springer 2007) 34-35.

2

Directive 2007/64/EC of the European Parliament and of the Council of 13 November 2007

on payment services in the internal market amending Directives 97/7/EC, 2002/65/EC,

2005/60/EC and 2006/48/EC and repealing Directive 97/5/EC (Text with EEA relevance)

[2007] OJ L319.

Trinity College Law Review [Vol 23

200

The Directive provides for full harmonisation of the legal framework for

non-cash payments in the internal market. Full harmonisation means that

there are limited powers to depart from the Directive’s substantive

provisions when transposing into national law, and exceptions are only

permitted where explicitly stated within the Directive.

3

The Directive

aimed to create a comprehensive, coherent, and modern regulatory

framework for payment services within the European Union. The

Directive also played an essential role in strengthening competition in

payment services and increasing consumer protection.

4

Significant

changes have now been made to payment service regulations in order to

harmonise the EU internal market for secure electronic payments. New

services that emerge in the area of internet payments can now follow the

same rules as traditional payment service providers regarding registration,

licensing, and supervision by the competent authorities. The changes were

considered important to support the growth of the Union’s economy and

to ensure better prices, quality, choice, and transparency of payment

services to benefit the internal market. At the same time, it was necessary

to set new rules to improve the efficiency of payment services as a whole,

increase transparency, and strengthen consumer protection.

5

In 2015, the

European Parliament and the Council agreed to review the payment

services rules in the Union. Among other things, this was done to increase

competition by giving parties other than financial institutions the

opportunity to enter the payment services market. Subsequently, a

renewed Payment Service Directive 2015/2355/EC of the European

Parliament and the Council of 25 November 2015 (PSD2) was approved.

6

Member States were required to transpose PSD2 into national law before

13 January 2018.

7

They were given scope to decide on certain topics in the

implementation of the Directive, but there are options for limited

exemptions in PSD2. Member States shall, therefore, ensure that payment

service providers do not derogate, to the detriment of payment service

users, from the provisions of national law transposing this Directive

3

Catherine Barnard, The substantive law of the EU: The Four Freedoms (5th edn, OUP 2016)

580-600.

4

Recital 6 of PSD2.

5

Recital 4 and 5 of PSD2.

6

Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November

2015 on payment services in the internal market, amending Directives 2002/65/EC,

2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive

2007/64/EC [2015] OJ L 337.

7

PSD2 repealed the former EU Payment Service Directive 2007/64/EC.