The provision of payment services, which are currently
regulated by the second Payment Services Directive, requires processing of
personal data, including special categories of personal data such as data
concerning health, political beliefs or sexual orientation. While any such
processing must comply with the EU’s General Data Protection Regulation, there
have been identified inconsistencies between the Directive and the Regulation.
One of them concerns an appropriate legal basis for the processing of special
categories of personal data. The European Commission’s proposal for a Payment
Services Regulation of 2023 aims to provide such a legal basis. Yet, the
relevant provision is criticised for not meeting the requirements of the
principle of proportionality. This contribution examines the processing of
special categories of personal data under the second Payment Services Directive
and the proposal for a Payment Services Regulation while it draws attention to
an emerging challenge of the expanding notion of special categories of personal
data.