By Bruce Bennett, Carlo Kostka, Craig Pollack, Dan Cooper, Gemma Nash, Kristof Van Quathem, Mark Young, and Sophie Bertin

The EU Payment Services Directive (PSD2), which took effect on January 13, 2018, puts an obligation on banks to give Third Party Providers (TPPs) access to a customer’s payment account data, provided the customer expressly consents to such disclosure.  The new legislation is intended to improve competition and innovation in the EU market for payment services.  The General Data Protection Regulation (GDPR), which is due to take effect from May 25, 2018, enhances individuals’ rights when it comes to protecting their personal data.  The interaction between PSD2, aimed at increasing the seamless sharing of data, and the GDPR, aimed at regulating such sharing, raises complicated compliance concerns.

For example, where banks refrain from providing TPPs access to customer payment data for fear of breaching the privacy rights of their customers under the GDPR, competition authorities may consider this a breach of competition law.  This concern is already becoming a reality for banks – on October 3, 2017, the European Commission carried out dawn raids on banking associations in Poland and the Netherlands following complaints from fintech rivals that the associations were not providing them with what they considered legitimate access to customer payment data.
Continue Reading Overlap Between the GDPR and PSD2

As announced last week, the European Data Protection Supervisor (“EDPS”) released on September 23, 2016 an opinion on “coherent enforcement of fundamental rights in the age of big data.”  This opinion follows an earlier Preliminary Opinion on privacy and competitiveness in the age of big data, published in 2004 (see our previous blog post here).

According to the EDPS, data-driven technologies and services are important for economic growth, but the users of those services are generally unaware of the nature and extent of the “covert tracking”  that fuels the sector.  The growing imbalance between consumers and service providers would diminish choice and innovation and threaten the privacy of individuals.  In fact, the rights of individuals enshrined in the EU Charter of Fundamental Rights would be threatened by “normative behavior and standards that now prevail in cyberspace.”    At the same time, EU rules on data protection, consumer protection, and antitrust and merger control are applied in silos, despite their common objectives.
Continue Reading EDPS Issues Opinion on Big Data and Enforcement

“The evolution of big data has exposed gaps in EU competition, consumer protection and data protection policies”, said Peter Hustinx, the European Data Protection Supervisor (EDPS), when presenting the EDP’s preliminary opinion on the interplay between these three policy areas. The Opinion titled “Privacy and Competitiveness in the Age of Big Data”, issued on 26 March 2014, (the Opinion) aims at stimulating a debate between experts and practitioners. The EDPS’ preliminary opinions are not legally binding but intended to inform and facilitate discussion.

Continue Reading The New EDPS Opinion “Privacy and Competitiveness in the Age of Big Data”

South by Southwest (“SXSW”) Interactive kicked off last week, and Covington was there to cover privacy and big data’s big buzz, a topic which dominated much of the conference.  Among the events that took place last Friday were “Big Data Inverted: The Best Candy from Strangers?” and “Privacy Under the Covers: The Naked Truth.”  The big-data panel included Chris Colborn, R/GA Global Chief Experience Officer; Dinkar Jain, Google Product Manager; and Maria Bezaitis, Principal Engineer at Intel.  The privacy event was a “Core Conversation” that featured MeMe Jacobs Rasmussen, Adobe’s Chief Privacy Officer, VP, and Associate General Counsel; and Shaina Boone, SVP of Marketing Science at Critical Mass.

Big Data Inverted started with the premise that, as big data transforms relationships and information sharing, “people are beginning to unintentionally ‘barricade’ themselves from new experiences.”  While much of the discussion focused on how businesses can structure their models to leverage big data so that it is useful and relevant, better connected, and more available, privacy and consumer trust necessarily came up throughout the discussion.  In particular, many focused on the two sides of the big data coin:  potential and privacy.  Businesses stand to benefit if they can tame and harness big data, but not if they ignore privacy concerns inherent in amassing huge quantities of sensitive information.  Many are suggesting, however, that businesses can profit from privacy too  that is, because privacy has become so important to consumers, it can be used competitively.

Continue Reading Covington at #SXSW: If “Big Data Is the New Oil” Then “Privacy Is the New Green”

Speaking in Brussels yesterday on “Competition and Privacy in Markets of Data,” EU Competition Commissioner Joaquín Almunia observed that privacy is “becoming one of the central debates of our time.”  Technological and commercial developments have strengthened companies’ ability and incentive to “gather, manipulate and trade personal data.”  Because “personal data are a type of asset