Skip to main content
SpringerLink
Log in

EU Data Protection and Future Payment Services

  • Chapter
  • First Online:
Bitcoin and Mobile Payments

Part of the book series: Palgrave Studies in Financial Services Technology ((FST))

  • 3680 Accesses

Abstract

With the second Payment Services Directive, the European Union embraces new payment services by tackling some of the legal challenges they trigger. Personal data protection is one of the most critical of such challenges, and it is itself in a crucial transition period. A General Data Protection Regulation is indeed to replace the current Data Protection Directive, coinciding with a progressive consolidation of the EU right to personal data protection. This contribution explores the current and upcoming regulatory challenges in this field. After introducing the EU legal framework on personal data protection, it reviews the data protection provisions of the updated Payment Services Directive, and discusses them critically. The findings are then explored considering the wider context of mobile payments, as well as “alternative currencies”.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 119.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 159.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal L281, 23 November 1995, 31–50.

  2. 2.

    European Commission, Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation), COM(2012) 11 final, 25 January 2012, Brussels.

  3. 3.

    On this right, see: Gloria González Fuster, The Emergence of Personal Data Protection as a Fundamental Right of the EU (Dordrecht: Springer, 2014).

  4. 4.

    Article 8(1) of the EU Charter of Fundamental Rights.

  5. 5.

    Article 8(2) of the EU Charter of Fundamental Rights.

  6. 6.

    Ibid.

  7. 7.

    Article 8(1) of the EU Charter of Fundamental Rights.

  8. 8.

    Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC, OJ 2006 L 105, p. 54.

  9. 9.

    Judgment of the Court (Grand Chamber) of 8 April 2014, Joined Cases C-293/12 and C-594/12, Digital Rights Ireland.

  10. 10.

    Judgment of the Court (Grand Chamber) of 13 May 2014, C-131/12, Google Spain and Google.

  11. 11.

    Judgment of the Court (Grand Chamber) of 6 October 2015, Case C-362/14, Schrems.

  12. 12.

    Commission Decision 2000/520/EC of 26 July 2000 pursuant to Directive 95/46 on the adequacy of the protection provided by the Safe Harbour privacy principles and related Frequently Asked Questions issued by the US Department of Commerce.

  13. 13.

    Directive 2007/64/EC of the European Parliament and of the Council of 13 November 2007 on payment services in the internal market amending Directives 97/7/EC, 2002/65/EC, 2005/60/EC and 2006/48/EC and repealing Directive 97/5/EC, OJ L319, 5 December 2007, 1–36.

  14. 14.

    European Commission, Proposal for a Directive of the European Parliament and of the Council on payment services in the market and amending Directives 2002/65/EC, 2013/36/EU and 2009/110/EC and repealing Directive 2007/64/EC, COM(2013) 547 final, 24 July 2013, Brussels.

  15. 15.

    European Data Protection Supervisor (EDPS), Opinion of the European Data Protection Supervisor on a Proposal for a Directive of the European Parliament and of the Council on Payment Services in the Internal Market Amending Directives 2002/65/EC, 2006/48/EC and 2009/110/EC and Repealing Directive 2007/64/EC, and for a Regulation of the European Parliament and of the Council on Interchange Fees for Card-Based Payment Transactions, 5 December 2013, Brussels.

  16. 16.

    European Parliament, Legislative Resolution of 8 October 2015 on the proposal for a Directive of the European Parliament and of the Council on payment services in the internal market and amending Directives 2002/65/EC, 2013/36/EU and 2009/110/EC and repealing Directive 2007/64/EC (COM(2013)0547C7-0230/2013–2013/0264(COD)) (Ordinary legislative procedure: first reading), P8_TA(2015)0346.

  17. 17.

    Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, OJ L8, 12 January 2001.

  18. 18.

    Recital 89 of the second Payments Service Directive.

  19. 19.

    Art. 13(1)(d) of Directive 95/46/EC.

  20. 20.

    Art. 7(b) of Directive 95/46/EC.

  21. 21.

    Except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject requiring protection (Art. 7(f) of Directive 95/46/EC).

  22. 22.

    For a discussion on consent and its role in EU personal data protection law, see: Eleni Kosta, Consent in European Data Protection Law (The Hague: Martinus Nijhoff, 2013).

  23. 23.

    Opinion of the EDPS (2013): 3.

  24. 24.

    In this sense, see, for instance: BEUC, The European Consumer Organisation, Towards an Integrated European Market for Card, Internet and Mobile Payments: European Commission Consultation on the Green Paper (2012): 2.

  25. 25.

    European Commission, Green Paper Towards an Integrated European Market for Card, Internet and Mobile Payments, COM 941 final, 1 November 2012, Brussels, (2011): 19.

  26. 26.

    Mario Viola De Azevedo Cunha, Market Integration Through Data Protection: An Analysis of the Insurance and Financial Industries in the EU (Dordrecht: Springer, 2013), p. 25.

  27. 27.

    Art. 6(c) of Directive 95/46/EC.

  28. 28.

    European Commission, Ibid., 19.

  29. 29.

    Chris Jay Hoofnagle, Jennifer M. Urban, and Su Li, “Mobile Payments: Consumer Benefits & New Privacy Concerns”, BCLT Research Paper (2012): 2.

  30. 30.

    Richard Kemp, “Mobile Payments: Current and Emerging Regulatory and Contracting Issues”, in Computer Law & Security Review 29 (2013): 176.

  31. 31.

    Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), OJ L 201, 31 July 2002, p. 37–47, amended by Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws, OJ L337, 18 December 2009, p. 11–36.

  32. 32.

    Hoofnagle, Urban and Li, Ibid., 9.

  33. 33.

    On fear of persistent lack of full harmonization of EU data protection obligations, see: European Banking Federation (EBF), EBF Position on the European Commissions Green PaperTowards an Integrated European Market for Card, Internet and Mobile Payments, 10 April 2012.

  34. 34.

    Provvedimento generale in materia di trattamento dei dati personali nell’ambito dei servizi di mobile remote payment, 22 maggio 2014, Pubblicato sulla Gazzetta Ufficiale n. 137 del 16 giugno 2014.

  35. 35.

    Article 29 Working Party (2013), Opinion 02/2013 on apps on smart devices, WP 202, 27 February 2013, Brussels.

  36. 36.

    Ibid., p. 8.

  37. 37.

    Ibid., p. 27.

  38. 38.

    Ibid., p. 16.

  39. 39.

    See, for instance: Thomas F. Dapp, Antje Stobbe, and Patricia Wruuck, The Future of (mobile) Payments: New (online) Players Competing with Banks, Deutsche Bank Research, 20 December 2012: 26.

  40. 40.

    Concretely, the Google Wallet application has prompted a lawsuit related to Google’s payment service sharing of personal information with app developers.

  41. 41.

    Charles Gibney et al., “International Review: Mobile Payments and Consumer Protection”, Financial Consumer Agency of Canada, January (2015): iv.

  42. 42.

    See, in this sense: Satoshi Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System (2008), available online: http://nakamotoinstitute.org/bitcoin/#selection-7.4-13.16.

  43. 43.

    For a description of the various possible ways to identify Bitcoin users, see: Fergal Reid and Martin Harrigan “An Analysis of Anonymity in the Bitcoin System” in Yaniv Altshuler et al. (Eds.) Security and Privacy in Social Networks, (Dordrecht: Springer, 2013), pp. 197–223.

  44. 44.

    Art. 2(a) of Directive 95/46/EC.

  45. 45.

    Suggesting this option: Artus Krohn-Grimberghe and Christoph Sorge, “Practical Aspects of the Bitcoin System”, The Computing Research Repository (CoRR), August 2013.

  46. 46.

    On this issue, see: Mario Viola de Azevedo Cunha, Luisa Marin, and Giovanni Sartori, “Peer-to-peer privacy violations and ISP liability: data protection in the user-generated web”, International Data Privacy Law 2, No. 2 (2012): 50–67.

References

  • Article 29 Working Party. (2013). Opinion 02/2013 on apps on smart devices. WP 202, 27 February. Brussels.

    Google Scholar 

  • BEUC, The European Consumer Organisation. (2012). Towards an integrated European market for card, internet and mobile payments: European Commission Consultation on the Green Paper.

    Google Scholar 

  • European Banking Federation (EBF). (2012). EBF position on the European Commissions Green Paper ‘towards an integrated European market for card, internet and mobile payments. 10 April 2012.

    Google Scholar 

  • European Commission. (2012a) Green Paper towards an integrated European market for card, internet and mobile payments. COM(2011) 941 final, Brussels: 1.11.2012.

    Google Scholar 

  • European Commission. (2012b). Proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), COM(2012) 11 final, Brussels: 25.1.2012.

    Google Scholar 

  • European Commission. (2013). Proposal for a Directive of the European Parliament and of the Council on payment services in the market and amending Directives 2002/65/EC, 2013/36/EU and 2009/110/EC and repealing Directive 2007/64/EC. COM(2013) 547 final. Brussels: 24.7.2013.

    Google Scholar 

  • European Data Protection Supervisor (EDPS). (2013). Opinion of the European Data Protection Supervisor on a proposal for a Directive of the European Parliament and of the Council on payment services in the internal market amending Directives 2002/65/EC, 2006/48/EC and 2009/110/EC and repealing Directive 2007/64/EC, and for a Regulation of the European Parliament and of the Council on interchange fees for card-based payment transactions. Brussels: 5.12.2013.

    Google Scholar 

  • European Parliament. (2015). Legislative Resolution of 8 October 2015 on the proposal for a Directive of the European Parliament and of the Council on payment services in the internal market and amending Directives 2002/65/EC, 2013/36/EU and 2009/110/EC and repealing Directive 2007/64/EC (COM(2013)0547C7-0230/2013–2013/0264(COD)) (Ordinary legislative procedure: first reading), P8_TA(2015)0346.

    Google Scholar 

  • Dapp, T. F., Stobbe, A., & Wruuck, P. (2012). The future of (mobile) payments: New (online) players competing with banks. Deutsche Bank Research, 20 December 2012.

    Google Scholar 

  • De Azevedo Cunha, M. V. (2013). Market integration through data protection: An analysis of the insurance and financial industries in the EU. Dordrecht: Springer.

    Book  Google Scholar 

  • De Azevedo Cunha, M. V., Marin, L., & Sartori, G. (2012). Peer-to-peer privacy violations and ISP liability: Data protection in the user-generated web. International Data Privacy Law, 2(2), 50–67.

    Article  Google Scholar 

  • Gibney, C., et al. (2015). International review: Mobile payments and consumer protection. Financial Consumer Agency of Canada, January 2015.

    Google Scholar 

  • González Fuster, G. (2014). The emergence of personal data protection as a fundamental right of the EU. Dordrecht: Springer.

    Book  Google Scholar 

  • Hoofnagle, C. J., Urban, J. M., & Li, S. (2012). Mobile payments: Consumer benefits & new privacy concerns. BCLT Research Paper.

    Google Scholar 

  • Kemp, R. (2013). Mobile payments: Current and emerging regulatory and contracting issues. Computer Law & Security Review, 29, 175–179.

    Article  Google Scholar 

  • Kosta, E. (2013). Consent in European data protection law. The Hague: Martinus Nijhoff.

    Book  Google Scholar 

  • Krohn-Grimberghe, A., & Sorge, C. (2013). Practical aspects of the Bitcoin system. The Computing Research Repository (CoRR), August 2013.

    Google Scholar 

  • Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash system. Available online: http://nakamotoinstitute.org/bitcoin/#selection-7.4-13.16

  • Reid, F., & Harrigan, M. (2013). An Analysis of anonymity in the Bitcoin system. In Y. Altshuler, et al. (Eds.), Security and privacy in social networks (pp. 197–223). Dordrecht: Springer

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Law, Science, Technology and Society (LSTS), Vrije Universiteit Brussel (VUB), Belgium

    Gloria González Fuster

Authors
  1. Gloria González Fuster
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. University of Siena , Siena, Italy

    Gabriella Gimigliano

Copyright information

© 2016 The Editor(s) (if applicable) and The Author(s)

About this chapter

Cite this chapter

González Fuster, G. (2016). EU Data Protection and Future Payment Services. In: Gimigliano, G. (eds) Bitcoin and Mobile Payments . Palgrave Studies in Financial Services Technology. Palgrave Macmillan, London. https://doi.org/10.1057/978-1-137-57512-8_8

Download citation

  • DOI: https://doi.org/10.1057/978-1-137-57512-8_8

  • Published:

  • Publisher Name: Palgrave Macmillan, London

  • Print ISBN: 978-1-137-57511-1

  • Online ISBN: 978-1-137-57512-8

  • eBook Packages: Economics and FinanceEconomics and Finance (R0)

Publish with us

Policies and ethics

Search

Navigation