The European Central Bank (ECB) intends to develop a panEuropean system that would allow Person-to-Person (P2P) bank transfers to be made using a phone number or email address.
In practice, such a system would mean that a consumer would be able to scroll down their list of personal contacts within a bank’s app and select the recipient’s phone number. The system is likely to be a proxy service with phone numbers being linked to individuals’ International Bank Account Numbers (IBANs) listed remotely within secure databases. The idea is that consumers only need to exchange phone numbers, allowing bank account details to remain secret.
The ECB’s advisory body, the Euro Retail Payments Board (ERPB), has identified a lack of co-operation amongst existing P2P mobile payment services that operate at a domestic, local or intra-bank level with 50 local solutions being identified in its most recent report.
The ERPB is working on eliminating ‘technical and legal obstacles’ to the implementation of the P2P transfer system; one of which is the impact of data protection regulation. The EU data protection framework would have a significant impact on how the proposed service would operate, particularly in relation to the requirement for obtaining consent from data subjects. In particular, there are likely to be concerns relating to the divergent local standards within Member States for gaining consent.
The General Data Protection Regulation (please see our article “Seeing the wood for the trees”), due to come into force in 2018, may go some way to allaying these concerns by applying a uniform and consistent standard across Member States for a “clear affirmative action” taken by the data subject indicating that they consent to their personal data being used in a particular way.