The interplay of GDPR and PSD2 in open banking

Abstract

The Master Thesis tackles the interplay of GDPR and PSD2 in the scope of open banking. Open banking, being a new trend in the financial industry due to the process of global digitalization and technological innovation, and additionally in times of the ongoing COVID-19 pandemic, provides opportunities for traditional financial institutions and FinTech companies to offer customer-aligned and innovative financial services by sharing personal and financial information of their users. The primary purpose of this work is, therefore, to examine the interrelationship of two complex regulatory acts applied to the open banking environment in the EU regarding personal data sharing and further processing. Based on doctrinal legal research and applied legal background to a practical case study, the work concludes with findings of legal uncertainty and clashes of terminology amongst GDPR and PSD2, and gives proposals for further revision of both regulatory acts to provide a more efficient legal environment for the further development of the financial industry in the EU.