European Union: Issued opinion on regulation on payment services in the internal market

On 22 August 2023, the European Data Protection Supervisor (EDPS) issued an opinion on the proposal of the European Commission for a regulation on payment services in the internal market. The proposal aims to enhance the processing of personal data in payment services while aligning with the General Data Protection Regulation (GDPR). It seeks to regulate, among other things, data access in payment system and by payment service providers. In its opinion, the EDPS provides input on a number of data protection issues, suggesting a number of clarifications and definitions, and asking the legislator to reconsider a prohibition on the verification of user permission by account servicing payment service providers (ASPSPs).