GDPR and PSD2: Self-Sovereign Identity, Privacy, and Innovation

By Paul Ferris

CEO, ObjectTech Group

The years 2017 and 2018 have seen two of the biggest regulatory changes in banking and in the technology that underpins our modern system – but these two pieces of European legislation can, on their face, seem to be at odds with each other in certain respects.

PSD2 – the second Payments Services Directive – is a piece of European law that effectively forces banks to open up their customer databases and allow third parties to use this data and put it to work through new services, rather than it just sitting in a silo inside a bank. It seeks to create interoperability between banks and their customers via standardized open application programming interfaces (APIs).

The vision is that services like comparison websites will be able to aggregate account information and advise users if they would be better off moving their money into an account with an alternative bank. These are account information service providers (AISPs) under the Directive. Likewise, social media platforms will be able to instruct that payments from users’ bank accounts be sent to their friends, acting as payment initiation service providers (PISPs).

Online banking, in general, will cease to be something one does solely through clunky banking apps and will instead be delivered via an innovation-driven market. It is the baseline on which a new generation of financial technology (FinTech) companies and services will proliferate. ...
