Payment services

Consumers can use various payment services. The providers of these payment services (payment service providers) then need access to consumers' payment data. These are sensitive personal data. That is why it is important that payment data remain secure. The European PSD2 directive provides rules for this.

On this page

  1. General information

Examples of payment services

Examples of payment services are:

  • payment services that make it possible to make payments via a smartphone;
  • an automatic housekeeping book;
  • payment services that link bank accounts from different banks;
  • payment services that analyse payment data to provide advice on savings.

Access to payment data

If a consumer wants to use a payment service, the payment service providers (the company that offers the payment services) need access to the payment data of this consumer.

These are sensitive personal data, such as data about a person's income and purchasing behaviour. That is why payment service providers must first request explicit consent from consumers in order to be able to access their payment data.

Rules are set out in PSD2

The rules for payment service providers are set out in the European PSD2 directive. This abbreviation stands for the second Payment Service Directive. This directive regulates, among other things, that not only banks, but also other parties may have access to current accounts, provided consumers have given their consent for this.

PSD2 and the GDPR

Payment service providers must not only adhere to the rules of PSD2, but also to the privacy rules from the General Data Protection Regulation (GDPR). 

The European Data Protection Board (EDPB) has drawn up guidelines on the interplay between PSD2 and the GDPR:

Quick answers

Can a payment service view my payment data?

Do you want to use a payment service? Then the payment service needs access to your payment data. This is only allowed if you have given explicit consent for this.
This means the payment service provider must clearly ask you for consent and inform you properly about what happens to your data. This way, you know exactly what you are consenting to.
What is not allowed, for example, is only asking you to accept the general terms and conditions. The payment service provider must ask you for consent separately.


Do you want to know more? Read: Consumers using a payment service.

Can a payment service see my details if someone transfers money to me?

Yes, it can. If someone else has given consent to a payment service provider (the company behind the payment service), but you have not, the payment service provider can sometimes see your personal data, even if you have not consented to this. An example of this is if that other person transfers money to you via a payment service.
In that case, the payment service provider sees data that are necessary to carry out the payment service. For example:

  • your name;
  • your bank account number;
  • the payment reference;
  • the payment description.


Without your explicit consent, none of your other data can be visible.
Do you want to know more? Read: Consumers using a payment service.

Can I access my data at an organisation, or have them rectified or removed?

Yes, you can. If an organisation uses your personal data, you have a number of rights. This will ensure that you keep a grip on your personal data. These are the most important privacy rights:

Do you want to know what other rights you have? Check out Privacy rights under the GDPR.

What can I do if I have a question or complaint about the use of my personal data?

Always submit your questions or complaints to the organisation that uses your personal data first. Do you have a complaint and are you and the organisation unable to work it out together? Then you can lodge a complaint with the Dutch Data Protection Authority (DPA).

Related themes and topics

Finances

Income and credit worthiness

In some situations, organisations want to know if you can pay your bills before entering into an agreement with you. For example, if you want to rent a home or take out a loan. They are allowed to ask for your income data, or check your creditworthiness (credit check).
Go to subject
Finances

Financial enterprises

Financial enterprises and service providers, such as banks, credit card companies, insurers, pension funds, trust offices, financial and tax consultants, collect and use a lot of personal data.
Go to subject
Finances

Bankruptcy

In almost every bankruptcy, the estate contains personal data, such as customer files, member files or personnel files. Insolvency practitioners must handle this data with due care. They must also comply with the General Data Protection Regulation (GDPR).
Go to subject