{"id":382,"date":"2019-09-17T12:20:35","date_gmt":"2019-09-17T11:20:35","guid":{"rendered":"https:\/\/psd2meniet.nl\/?p=382"},"modified":"2019-09-19T08:32:46","modified_gmt":"2019-09-19T07:32:46","slug":"privacy-is-geen-obstakel-en-hoort-in-klantreis","status":"publish","type":"post","link":"https:\/\/dev.psd2meniet.nl\/en\/privacy-is-geen-obstakel-en-hoort-in-klantreis\/","title":{"rendered":"Privacy is not an 'obstacle' and belongs in customer travel"},"content":{"rendered":"

DNB started on 9 August 2019 with the public consultation<\/a> of the Q&A 'Customer journey without obstacles concerning payment initiation and account information services via third parties'. A mouthful. It's about what a customer has to do and experiences before a PSD2 service becomes available. The emphasis on working without obstacles puts privacy protection under pressure. A customer journey in which the customer is allowed to think about privacy is desirable.<\/p>\n\n\n\n

Download here our contribution to the consultation_DNB_19sept2019<\/em><\/a>Download<\/a><\/div>\n\n\n\n

The PSD2 states that after a consumer has given permission, all data must be shared. This RTS gives a technical elaboration of it. Under the PSD2, a bank may not obstruct a third party provider. Article 32 of the technical rules<\/span><\/a> requires third parties to be able to offer payment services 'in an unhindered and efficient manner'. These are banks that offer a interface<\/span><\/a> offer. Banks must not create obstacles for third parties in the interface. Obstacles are, for example: <\/p>\n\n\n\n

  1. Perform strong customer authentication (\"SCA\") twice in one customer journey<\/li>
  2. Management of the scope of consent of consent management-related steps<\/li>
  3. Additional confirmation screens (e.g. an overview page with 'continue' button)<\/li>
  4. Redirection screens requiring an action from the payment service user<\/li>
  5. Dissuasive language<\/li><\/ol>\n\n\n\n

    DNB has described what an efficient customer journey <\/a>is. The figure below shows the process for account information services. The process can easily be compared to the process of an online transaction. You buy something and pay via iDeal. It would be inefficient to have to go back to the store after your payment to confirm your payment again.<\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    Customer journey: information and permission is part of it<\/h2>\n\n\n\n

    A consumer must give explicit permission to an account information service provider before a bank is allowed to share data. Before he gives permission, he must be informed and know what he is giving permission for. <\/p>\n\n\n\n

    It is not clear from the DNB process where consumers are informed in this process. In the above diagram, informing consumers will probably take place before the first process step. There are better places to think. Preference is given to clear information just before consent is given. For example:<\/p>\n\n\n\n