Open Banking and Privacy: Users' Personal Data and Payment Service Providers' Liability

Payment services user’s personal data processing between European Directive no. 2015/2366/EU on electronic payment services (PSD2) and Regulation no. 679/2016 on the processing of personal data of natural persons (GDPR). This chapter focuses on the interference and possible conflicts between digital payments and personal data protection and processing rules, identifying and addressing certain issues. In particular, the work analyses and discusses three themes: 1) the role played by banking intermediaries (PSPs) and new payment service providers (third party providers – TPPs) and their involvement in the digital payments, 2) the cases where the PSPs and TPPs can lawfully use personal data and the limits imposed on them by both regulations to the processing of data of payment service users in order to verify whether the combined provisions of these pieces of legislation effectively achieve greater protection for payment service users, 3) the issue of unlawful use of personal data and the distribution of responsibilities and liabilities between intermediaries.