Legislative Observatory
European Parliament
Please fill in this field to find a procedure

Single Euro Payments Area: technical requirements for credit transfers and direct debits

2010/0373(COD)

OPINION OF THE EUROPEAN DATA SERVICE SUPERVISOR on the proposal for a Regulation of the European Parliament and of the Council establishing technical requirements for credit transfers and direct debits in euros and amending Regulation (EC) No 924/2009

It is recalled that SEPA aims at establishing a single market for retail euro payments by overcoming the technical, legal and market barriers stemming from the period prior to the introduction of the single currency. Once SEPA has been completed, there will be no difference between national and cross-border euro payments: they will all be domestic. The proposal applies to credit transfers and direct debits.

-The introduction and development of SEPA involves several data processing operations: names, bank account numbers, content of contracts need to be exchanged directly between payers and payees and indirectly through their respective payment service providers in order to guarantee a smooth functioning of the transfers. With this purpose, the proposal also includes an Article on ‘Interoperability’, which supports the creation of standard rules for national and cross-border transactions.

-The EDPS highlights that exchange and processing of personal data related to payers and payees and with the various payment services providers must respect the principles of necessity, proportionality and purpose limitation.

The passing along of the data through the various intermediaries must also respect the principles of confidentiality and security of the processing in compliance with Directive 95/46/EC.

The proposal also introduces a new role for national authorities competent to monitor compliance with the Regulation and take all necessary measures to ensure such compliance. While this role is fundamental to guarantee an effective implementation of SEPA, it also might involve broad powers to further process personal data of individuals by the authorities. Also in this area, access by the national competent authorities to personal data must respect the principles of necessity, proportionality and purpose limitation.

The EDPS welcomes the mentioning of Directive 95/46/EC in the proposal. However, he suggests that the text could be modified slightly to emphasise that any data processing operation must be carried out in accordance with the implementing rules, as follows:

  • Recital 26 should state that any processing of personal data performed pursuant to the Regulation shall be in conformity with the relevant national laws implementing Directive 95/46/EC;
  • the monitoring power of the national competent authorities in relation to the obligations contained in Articles 6 and 8 should be limited to a case-by-case basis, when there is a reasonable suspicion of an infringement of the Regulation, while in order to encourage compliance with the obligations of Article 8, the redress mechanism for litigation provided in Article 11 should be extended to controversies between payer and payee;
  • references to Directive 95/46/EC in the Annex should be harmonised in order to avoid any misinterpretation.