The Interaction Between Directive 2015/2366 (EU) on Payment Services and Regulation (EU) 2016/679 on General Data Protection Concerning Third Party Players

AuthorDilja Helgadottir
PositionLL.M. Candidate at Duke University School of Law on a Merit Scholarship
Pages199-224
© 2020 Dilja Helgadottir and Dublin University Law Society
THE INTERACTION BETWEEN DIRECTIVE
2015/2366 (EU) ON PAYMENT SERVICES AND
REGULATION (EU) 2016/679 ON GENERAL DATA
PROTECTION CONCERNING THIRD PARTY
PLAYERS
DILJA HELGADOTTIR
*
Introduction
Payment, credit, and debit cards are the most widely used payment
instruments in Europe.
1
Their introduction in the 1980s and 1990s was a
breakthrough in payment intermediation that increased security,
efficiency, and convenience for consumers and businesses. To date, fintech
payment solutions have made the way we transfer money more
convenient than ever. They have, among other things, extended the
traditional functionality of payment cards to mobile phones to carry out
transfers between individuals. In some cases, it is possible to use a mobile
phone to pay a merchant directly, provided the merchant has additional
equipment available to receive the transaction.
The first European Rules on Payment Services were implemented in
Europe by the Directive of the European Parliament and the Council of 13
November 2007 on payment services in the internal market 2007/64/EC.
2
*Dilja Helgadottir is an LL.M. Candidate at Duke University School of Law on a Merit
Scholarship. She received her first law degree, BA in Law, with first-class honours from
Reykjavik University in 2017. She received Master of Laws with the highest honours,
Summa Cum Laude, from Reykjavik University in 2019. Interested in international business
law, European law, and bankruptcy law, she has published four peer-reviewed publications
during her studies. The author is indebted to Professor Dr. Margret Einarsdottir for her
inspiring teaching at Reykjavik University, which has fostered the author's interest in
developments in European law. The author would also like to thank Professor Lee Reiners
for his insights and discussions on matters in Fintech during her studies at Duke University
School of Law.
1
Elena Beccalli, IT and European Bank Performance (Springer 2007) 34-35.
2
Directive 2007/64/EC of the European Parliament and of the Council of 13 November 2007
on payment services in the internal market amending Directives 97/7/EC, 2002/65/EC,
2005/60/EC and 2006/48/EC and repealing Directive 97/5/EC (Text with EEA relevance)
[2007] OJ L319.
Trinity College Law Review [Vol 23
200
The Directive provides for full harmonisation of the legal framework for
non-cash payments in the internal market. Full harmonisation means that
there are limited powers to depart from the Directive’s substantive
provisions when transposing into national law, and exceptions are only
permitted where explicitly stated within the Directive.
3
The Directive
aimed to create a comprehensive, coherent, and modern regulatory
framework for payment services within the European Union. The
Directive also played an essential role in strengthening competition in
payment services and increasing consumer protection.
4
Significant
changes have now been made to payment service regulations in order to
harmonise the EU internal market for secure electronic payments. New
services that emerge in the area of internet payments can now follow the
same rules as traditional payment service providers regarding registration,
licensing, and supervision by the competent authorities. The changes were
considered important to support the growth of the Union’s economy and
to ensure better prices, quality, choice, and transparency of payment
services to benefit the internal market. At the same time, it was necessary
to set new rules to improve the efficiency of payment services as a whole,
increase transparency, and strengthen consumer protection.
5
In 2015, the
European Parliament and the Council agreed to review the payment
services rules in the Union. Among other things, this was done to increase
competition by giving parties other than financial institutions the
opportunity to enter the payment services market. Subsequently, a
renewed Payment Service Directive 2015/2355/EC of the European
Parliament and the Council of 25 November 2015 (PSD2) was approved.
6
Member States were required to transpose PSD2 into national law before
13 January 2018.
7
They were given scope to decide on certain topics in the
implementation of the Directive, but there are options for limited
exemptions in PSD2. Member States shall, therefore, ensure that payment
service providers do not derogate, to the detriment of payment service
users, from the provisions of national law transposing this Directive
3
Catherine Barnard, The substantive law of the EU: The Four Freedoms (5th edn, OUP 2016)
580-600.
4
Recital 6 of PSD2.
5
Recital 4 and 5 of PSD2.
6
Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November
2015 on payment services in the internal market, amending Directives 2002/65/EC,
2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive
2007/64/EC [2015] OJ L 337.
7
PSD2 repealed the former EU Payment Service Directive 2007/64/EC.

To continue reading

Request your trial