EBF EVENTS
x
EBF Hosts Fifth Edition of Data Protection Officers Forum
x
Brussels, 16 April 2025 – The European Banking Federation (EBF) successfully hosted the fifth edition of its Data Protection Officers Forum (DPO Forum) on 8 April 2025 in Brussels. The event brought together over 70 Data Protection Officers from 16 countries across Europe, alongside representatives from the Data Protection Authorities (DPAs), the European Data Protection Board (EDPB), and the European Commission.
The EBF DPO Forum serves as a platform to address the practical issues that have arisen since the General Data Protection Reregulation (GDPR) came into effect. It fosters open dialogue among DPOs and encourages the exchange of best? good practices in the implementation of data protection rules, with the goal of promoting a harmonised approach at European level, benefiting both the banking sector and data subjects.
This year’s edition focused on the practical interplay between the GDPR and the AI Act, including the implementation of transparency obligations stemming from both regulations. Participants also engaged in discussions on challenges and best practices involved in the exchange of information for anti-money laundering (AML) purposes in the context of operational Public-Private Partnerships (PPPs).
DPOs further exchanged views and discussed with the relevant authorities on the role of AML supervisors and data protection authorities in enabling a workable AML framework for financial institutions. The Forum concluded with an exploration of how the GDPR can support the development and deployment of innovative AI in the baking industry, while safeguarding personal data.
x
For more information please contact:
Rachele Ceraulo, Policy Adviser – Data & Innovation, r.ceraulo@ebf.eu
About the EBF:
The European Banking Federation is the voice of the European banking sector, bringing together national banking associations from across Europe. The federation is committed to a thriving European economy that is underpinned by a stable, secure, and inclusive financial ecosystem, and to a flourishing society where financing is available to fund the dreams of citizens, businesses and innovators everywhere.
Stay in touch with the EBF
The EBF produces a daily and a weekly newsletter with European banking news and updates from national banking associations across Europe. CLICK HERE TO SUBSCRIBE
The post EBF Hosts Fifth Edition of Data Protection Officers Forum appeared first on EBF.
]]>EBF POSITION
EBF response to the European Commission Call for Evidence on the Report on the General Data Protection Regulation (Art. 97)
BRUSSELS, 12 February 2024 – This response complements the questionnaire response provided to the European Commission Multi-Stakeholder Expert Group of which the European Banking Federation is a member of. The introduction of the GDPR resulted in a significant increase in the attention for and the application of data protection rules.
The banking sector has a long tradition of compliance and affinity with customer data protection since even before the entry into force of the Directive 95/46/EC. This enduring commitment underscores the industry’s dedication to maintaining the highest standards of data security and privacy for its clients. The principle and risk-based approach of the Regulation remains one of its main benefits and should remain at the core of the GDPR. This is important for banks in light of the many sectoral regulations they have to abide by and for their ongoing digital transformation. However, challenges remain, and we would like to highlight the following general points:
- Ensuring the uniform application and implementation of the GDPR across member states
- Practical consideration of the interplay between the GDPR and other regulations, including at the sectoral level
- Preserving the risk-based approach of the GDPR.
x
For more information please contact:
Liga Semane
Senior policy Adviser, Innovation & Data, l.semane@ebf.eu
x
About the EBF:
The European Banking Federation is the voice of the European banking sector, bringing together national banking associations from across Europe. The EBF is committed to a thriving European economy that is underpinned by a stable, secure and inclusive financial ecosystem, and to a flourishing society where financing is available to fund the dreams of citizens, businesses and innovators everywhere.
The post EBF response to the European Commission Call for Evidence on the Report on the General Data Protection Regulation (Art. 97) appeared first on EBF.
]]>Data Usage, Access & Sharing in The Digital Economy: EBF Position Paper
BRUSSELS, January 2020 – The European Banking Federation is the voice of the European banking sector, uniting 32 national banking associations in Europe that together represent some 3,500 banks – large and small, wholesale and retail, local and international – employing about two million people. As part of the digital transformation of the banking sector and more broadly of the European economy, the EBF would like to provide its initial assessment and remarks on the current debate around the appropriate milestones for the development of a data-driven economy. The EBF stands ready to provide further support and more detailed recommendations on this issue as necessary. There is widespread consensus that data has become a strategic asset in the digital economy. Data is also one of the key ingredients of Artificial Intelligence and machine learning. Building a European data economy is part of the Digital Single Market strategy. Access to and re-use of data is considered a crucial step towards a competitive EU data economy which will benefit both consumers and EU firms.
The competitiveness of firms thus increasingly depends on timely access to relevant data. On the one hand, the broadest dissemination (through access and sharing) and use of data by the largest number of firms would seem to be desirable; on the other hand, the efficiency of broad data dissemination must be balanced against a number of other important concerns, such as the need to ensure sufficient investment incentives for firms to collect, process and secure data; the need to protect privacy (where sensitive personal data is concerned) and business secrets; and, the possible collusive aspects of data sharing. The issue is unquestionably complex. Although the debate touches upon all the different types of data (personal, non-personal) , this note focuses only on the usage, access and sharing of personal data, most likely the most complex aspect of the discussion.
Media contact:
Liga Semane, Data & Innovation – Policy Adviser – l.semane@ebf.eu
Subscribe to the EBF Weekly + FinReg Agenda
Every Friday at noon you can receive the EBF Weekly + Financial Regulation Agenda. This agenda presents an overview of upcoming European and international meetings and conferences in financial regulation, as well as important general financial and economic events and key EBF meetings for the week ahead. CLICK HERE TO SUBSCRIBE
Subscribe to the EBF Morning Brief
The EBF Morning Brief is published Monday through Friday morning and brings you the top banking headlines, relevant announcements from the EU institutions and the latest from the EBF and its members, national banking associations in 32 countries in Europe. CLICK HERE TO SUBSCRIBE
The post Data Usage, Access & Sharing in The Digital Economy: EBF Position Paper appeared first on EBF.
]]>BRUSSELS, 11 July 2017 – The European Parliament today hosted a breakfast meeting with representatives of consumer groups, financial technology firms, IT experts, banks and banking associations on the interaction between banks and third-party providers (TPPs) under the second EU Payment Services Directive (PSD2). Hosted by MEP Neena Gill (S&D, UK), the breakfast heard from representatives of the European Banking Federation, MoneyHub, UKFinance, the Berlin Group, BEUC, the European consumer organisation, the European Commission and the European Association of Cooperative Banks.
Interesting points by @davidgtonge CTO @moneyhubapp on the importance of having a common interface’s to encourage innovation #EBF #psd2 pic.twitter.com/srgaWfoteE
— Neena Gill MEP (@NeenaGmep) July 11, 2017
Hosting #EBF ‘Traditional banks have no divine right to handle payments. #Fintech sector can help innovate best products for consumer’ #PSD2 pic.twitter.com/dTq3pDgwDO
— Neena Gill MEP (@NeenaGmep) July 11, 2017
The EBF presented the following video to explain the importance of APIs, or Application Programming Interfaces, when it comes to future interaction of clients with their bank accounts.
Thx @NeenaGmep for hosting PSD2 WS. Imp. to understand what is @stake! APIs will open competition in safer & reliable way!Notscreenscraping
— de Brouwer S (@deBrouwerEBF) July 11, 2017
Valuable insights shared on #fintech #PSD2 #Openbanking #payments and fin. innovation at @Europarl_EN breakfast kindly hosted by @NeenaGmep pic.twitter.com/MaGBG9MQ8m
— EBF 🇪🇺 (@EBFeu) July 11, 2017
UK #fintech community united in approach to #openbanking via APIs, David Tong @MoneyHubUK tells PSD2 breakfast w/ @NeenaGmep in Brussels pic.twitter.com/zCPydrrAZS
— Raymond Frenken (@FrenkenEBF) July 11, 2017
Monique Gooyens presented the position of Beuc, the European consumer organisation, speaking out clearly against the use of screen-scraping:
#beuc is opposed to #screenscraping for #data #protection and #security reasons. Support #eba_News standard and strong #APIs pic.twitter.com/Q5xt7Gn4L0
— Elisa BevilacquaEACB (@bevilacquaeacb) July 11, 2017
The battle between #FinTechs and banks on consumer data is heating up – here’s what we think needs to happen https://t.co/lTU389yCqG pic.twitter.com/UNi8Kb4l6P
— The Consumer Voice (@beuc) July 6, 2017
EBF, EACB and the European Savings Banks Group (ESBG) presented a jointly held position on efficient and future-proof interaction between banks and third-parties under PSD2. Click here for the position document.
Related:
- 14 June 2017: EU FinTech consultation: put needs of end-users first
- 2 June 2017: Banks support ecosystem of interoperable APIs in EU
- 16 May 2017: EBF video: What is screen-scraping?
- 24 February 2017: European banks support innovation under PSD2
EBF media contact:
Raymond Frenken, Head of Communications, +32 496 52 59 47, r.frenken@ebf.eu
About the EBF:
The European Banking Federation is the voice of the European banking sector, uniting 32 national banking associations in Europe that together represent some 4,500 banks – large and small, wholesale and retail, local and international – employing about 2.1 million people.EBF members represent banks that make available loans to the European economy in excess of €20 trillion and that securely handle more than 400 million payment transactions per day. Launched in 1960, the EBF is committed to creating a single market for financial services in the European Union and to supporting policies that foster economic growth.
Subscribe to the EBF Weekly + FinReg Agenda
Every Friday at noon you can receive the EBF Weekly + Financial Regulation Agenda. This agenda presents an overview of upcoming European and international meetings and conferences in financial regulation, as well as important general financial and economic events and key EBF meetings for the week ahead. CLICK HERE TO SUBSCRIBE
Subscribe to the EBF Morning Brief
The EBF Morning Brief is published Monday through Friday morning and brings you the top banking headlines, relevant announcements from the EU institutions and the latest from the EBF and its members, national banking associations in 32 countries in Europe. CLICK HERE TO SUBSCRIBE
The post PSD2 breakfast at the European Parliament appeared first on EBF.
]]>EBF comments on the Article 29 WP guidelines on data protection impact assessment (dpia) – wp248
EBF advisor: Noémie Papp
Publication date: 23 May 2017
Key points:
Data Protection Impact Assessment (DPIA) should be based on a risk-based approach:
We understand that the Article 29 Data Protection Working Party (WP29) intends to recommend a risk-based approach, but this can be clarified and strengthened in the guidelines.
- No mandatory DPIA for data processing requested by legal requirements:
A DPIA is intended to produce protection and privacy-friendly solutions where a data processing is likely to result in a high risk. If, however, a bank is subject by law to certain data processing requirements (e.g. monitoring payments to combat money laundering and fraud, processing employee data to comply with statutory tax and social security provisions), the legislator has already decided that such processing is legitimate. The bank has no discretion as to whether it performs the processing called for by the legislator or not.
- Scope:
The Guidelines provide a very large scope of criteria (listed on page 7-9) which are not adapted to the banking practice. An application of the current Guidelines would mean that each processing of financial data on a large scale would be considered as “likely to result in a high risk” under Article 35 (3). This will require banks to conduct a DPIA for most of their day-to-day operations/activities which would be disproportionate to the low risk of most bank data processing. Most routine data processing by banks is highly regulated, well controlled and well understood, and will not pose a high risk to data subjects.
- The “high risk to the rights and freedoms of natural persons” should be the deciding factor to conduct a DPIA:
While it is, in principle, helpful to provide examples of cases in which a DPIA should be conducted, an obligation to carry out a DPIA should not automatically be inferred from these examples. Instead, the “high risk to the rights and freedoms of natural persons” threshold should be the deciding factor to conduct DPIA. The ‘criteria’ for high risk should be reframed as ‘factors’ for controllers to consider when determining high risk. Factors that suggest that processing is ‘low risk’ should also be added and should include in particular the presence of other relevant regulation that protects data subjects.
The WP29 Guidelines on DPIA requirements should not go beyond the scope defined by the GDPR:
The Guidelines in many ways will be of help for the companies in their work with Data Protection Authorities. However, we observe that certain provisions go beyond the General Data Protection Regulation (GDPR). Helping interpretation of the text is useful, but seemingly, expanding the requirement to carry out a DPIA beyond the provisions of the GDPR should be avoided. This would pose unmanageable challenges to companies and also be at odds with the risk-based approach of targeted use of limited resources for particularly important cases (“be selective, be effective”).
DPIA for existing processing operations:
The Guidelines strongly recommend to carry out DPIAs for processing operations already underway prior to the entry into force of the GDPR. It seems rather burdensome to expect organisations to assess all of their existing processing operations as if they were already subject to DPIA. The Guidelines should be aligned with the scope defined by the Level 1 GDPR text, and not go beyond.
We propose to omit such a recommendation in view of the fact that the requirements for the future are already very challenging.
Subscribe to the EBF Weekly + FinReg Agenda
Every Friday at noon you can receive the EBF Weekly + Financial Regulation Agenda. This agenda presents an overview of upcoming European and international meetings and conferences in financial regulation, as well as important general financial and economic events and key EBF meetings for the week ahead. CLICK HERE TO SUBSCRIBE
Subscribe to the EBF Morning Brief
The EBF Morning Brief is published Monday through Friday morning and brings you the top banking headlines, relevant announcements from the EU institutions and the latest from the EBF and its members, national banking associations in 32 countries in Europe. CLICK HERE TO SUBSCRIBE
The post Data Protection Impact Assessment: EBF comments on Article 29 Working Party guidelines appeared first on EBF.
]]>Brussels, 22 May 2019
k
The General Data Protection Regulation (GDPR), which entered into force on 25 May 2018, formally recognized the appointment and role of Data Protection Officers (DPOs).
The EBF organised the first Data Protection Officers Forum, 22 May 2019. The EBF DPO Forum aims at addressing more practical issues that may have arisen following the entry into force of the GDPR. It encourages the exchange of good practices, through the opening of a line of communication facilitating dialogue amongst DPOs in Europe to promote a harmonised approach at European level for the benefit of the banking sector and data subjects.
This first meeting, which aimed to create an open forum of discussions, saw 40 DPOs and representatives from 10 national associations (representing in total 17 European countries) exchange views and good practices on some key issues identified in the implementation of the European data protection framework.
EBF members and DPOs notably discussed some questions regarding internal governance and processes put in place related to the position of DPOs in banks to ensure compliance with the GDPR. Members also exchanged views on some practical questions linked to the data breach notification framework provided by the GDPR.
During the afternoon session, members exchanged views and discussed how to ensure a strong data protection framework for customers’ data, with guests from the European Commission, the European Central Bank as well as with several national data protection authorities and national financial supervisors.
EBF advisor: Hélène BENOIST
EBF DPO Forum pictures
Subscribe to the EBF Weekly + FinReg Agenda
Every Friday at noon you can receive the EBF Weekly + Financial Regulation Agenda. This agenda presents an overview of upcoming European and international meetings and conferences in financial regulation, as well as important general financial and economic events and key EBF meetings for the week ahead. CLICK HERE TO SUBSCRIBE
Subscribe to the EBF Morning Brief
The EBF Morning Brief is published Monday through Friday morning and brings you the top banking headlines, relevant announcements from the EU institutions and the latest from the EBF and its members, national banking associations in 32 countries in Europe. CLICK HERE TO SUBSCRIBE
The post Data Protection Officers meet at first EBF DPO Forum appeared first on EBF.
]]>EBF advisor: Noémie Papp
Publication date: 15 February 2017
The EBF welcomes the possibility given to provide comments on the Guidelines prepared by the Article 29 Data Protection working party (Article 29 WP) on the Data Protection Officers (DPOs).
The response focuses specifically on ‘Easily accessible from each establishment’ (2.3)
As a general comment, we believe that further consideration should be given to the principle of proportionality as the proposed guidelines could potentially be very burdensome especially for the smaller banks.
Subscribe to the EBF Weekly + FinReg Agenda
Every Friday at noon you can receive the EBF Weekly + Financial Regulation Agenda. This agenda presents an overview of upcoming European and international meetings and conferences in financial regulation, as well as important general financial and economic events and key EBF meetings for the week ahead. CLICK HERE TO SUBSCRIBE
Subscribe to the EBF Morning Brief
The EBF Morning Brief is published Monday through Friday morning and brings you the top banking headlines, relevant announcements from the EU institutions and the latest from the EBF and its members, national banking associations in 32 countries in Europe. CLICK HERE TO SUBSCRIBE
The post EBF’s comments to the Working Party 29: Guidelines on data protection officers appeared first on EBF.
]]>
JOINT INDUSTRY LETTER
x
Impact of CJEU Schrems II ruling on the framework for international data transfers
BRUSSELS, 6 October 2020 – The European Banking Federation, together with five other financial industry associations, has co-signed a letter calling attention to the impact of the Court of Justice of the European Union (CJEU) “Schrems II” ruling on the framework for international data transfers.
The signatories note the substantial legal uncertainty which companies currently face regarding the conditions under which Standard Contractual Clauses (SCCs) can be used for data transfers, especially to the US, and to the questions it has raised on all the available mechanisms under the GDPR to transfer personal data between EU and non-EU countries.
Warning against risks such as the fragmentation in the interpretation and enforcement of the judgement by national data protection authorities (DPAs), the signatories welcome the European Data Protection Board’s (EDPB) work on guidance on additional measures companies can put in place alongside SCCs, and stress the need for a proportionate and risk based approach. The Annex of the letter includes specific recommendations for this upcoming Guidance.
The European Commission’s work on modernizing the SCCs is also welcome and the signatories call on the Commission to finalize their work, providing SCCs which take a risk based approach, provide for transfers in a variety of situations and relationships and are available for use as standalone tools.
More information:
Liga Semane, Policy Adviser – Data & Innovation l.semane@ebf.eu
About the European Banking Federation:
The European Banking Federation is the voice of the European banking sector, bringing together national banking associations from across Europe. The EBF is committed to a thriving European economy that is underpinned by a stable, secure and inclusive financial ecosystem, and to a flourishing society where financing is available to fund the dreams of citizens, businesses and innovators everywhere.
Subscribe to the EBF Weekly + FinReg Agenda
Every Friday at noon you can receive the EBF Weekly + Financial Regulation Agenda. This agenda presents an overview of upcoming European and international meetings and conferences in financial regulation, as well as important general financial and economic events and key EBF meetings for the week ahead. CLICK HERE TO SUBSCRIBE
Subscribe to the EBF Morning Brief
The EBF Morning Brief is published Monday through Friday morning and brings you the top banking headlines, relevant announcements from the EU institutions and the latest from the EBF and its members, national banking associations in 32 countries in Europe. CLICK HERE TO SUBSCRIBE
The post Joint Industry Letter: Impact of CJEU Schrems II ruling on the framework for international data transfers appeared first on EBF.
]]>EBF STATEMENT
EBF: Online payment standards still face obstacles
- Banks fully support secure payments in EU Digital Single Market
- EU Commission recognizes importance of APIs for online payments
- ‘Fall-back’ criteria seen as incompatible with operational reality
BRUSSELS, 27 November 2017 – The European Banking Federation notes that the European Commission on Monday adopted its regulatory and technical standards for the second EU Payment Services Directive, known as PSD2, designed to allow consumers to access more convenient and innovative payment solutions.
Considering client needs at a time when cybersecurity becomes increasingly important, banks fully support a safe online payments landscape in the EU Digital Single Market. Such a system needs to be based on an efficient and effective ecosystem of payment interfaces, known as APIs, so that online payments can be secure and that communication via the banks’ infrastructure between third-party service providers and clients can be reliable.
The EBF had asked EU policymakers to introduce the rules for PSD2 in such a way that privacy of client data and security of bank accounts both are fully respected. In its initial assessment of the adopted standards EBF notes as positive the recognition of the importance of APIs for the online payments landscape in the EU. APIs[1] are the only secure and reliable way possible for letting competition unfold in the EU single market.
EBF notes the Commission said it will end the unsafe practice of screen scraping by third party service providers. EBF however does not consider the ‘fall-back’ solution adopted by the Commission as a practicable. The criteria that would trigger the fall-back appear to be incompatible with operational reality. This solution also does not ascertain that the information accessed by the third-party provider is limited to what is needed for execution of the service they provide.
Media contact:
Raymond Frenken, Head of Communications, +32 2 508 3732, r.frenken@ebf.eu
About the EBF:
The European Banking Federation is the voice of the European banking sector, uniting 32 national banking associations in Europe that together represent some 3,500 banks – large and small, wholesale and retail, local and international – employing approximately two million people. EBF members represent banks that make available loans to the European economy in excess of €20 trillion and that securely handle more than 400 million payment transactions per day. Launched in 1960, the EBF is committed to creating a single market for financial services in the European Union and to supporting policies that foster economic growth.
[1] EBF video: What APIs mean for banking http://www.ebf.eu/what-do-apis-mean-for-banking/
Subscribe to the EBF Weekly + FinReg Agenda
Every Friday at noon you can receive the EBF Weekly + Financial Regulation Agenda. This agenda presents an overview of upcoming European and international meetings and conferences in financial regulation, as well as important general financial and economic events and key EBF meetings for the week ahead. CLICK HERE TO SUBSCRIBE
Subscribe to the EBF Morning Brief
The EBF Morning Brief is published Monday through Friday morning and brings you the top banking headlines, relevant announcements from the EU institutions and the latest from the EBF and its members, national banking associations in 32 countries in Europe. CLICK HERE TO SUBSCRIBE
The post PSD2 RTS adopted: Online payment standards still face obstacles appeared first on EBF.
]]>EBF advisors: Noémie Papp & Hélène Benoist
Publication date: 28 November 2017
Key points:
- Automated decision-making can be beneficial to individuals and society: It is important to keep in mind that human decisions are often biased and automated decision-making can therefore help make fairer and more accurate decisions. It is important that the profiling and automated decision-making regulatory framework as a whole puts in place appropriate safeguards without blocking the legitimate and socially beneficial uses of these techniques.
- Focus on the “right not to be subject to automated decision-making” in line with the GDPR instead of full prohibition: The EBF fully supports the objectives of the GDPR to increase transparency around personal data processing and to give data subjects more control over their data. However, the WP29’s interpretation of Article 22(1) as a full prohibition is going further than what is prescribed by the GDPR which grants data subjects the right not to be subject to a decision based solely on automated processing of personal data.
- Protect consumers and ensure compliance with existing legal and supervisory requirements: In financial services, profiling may be used among other things with the view to protect consumers and comply with regulatory/supervisory requirements imposed on the banking sector, such as the Anti-Money Laundering Directive (AMLD) to detect and prevent fraud, terrorism financing or other criminal activity; the Markets in Financial Instruments Directive (MiFID); the Consumer Credit Directive (CCD) or the Mortgage Credit Directive (MCD) with the aim to ensure responsible lending and that individuals do not become over-indebted; it could help the bank to make risk models or to manage the firm’s overall financial position.
- Propose only examples reflecting the general practice of the industry: Although we appreciate the efforts of the WP29 to provide clarity and reassure stakeholders of their rights, we believe some of the examples provided do not reflect the general practice of the banking sector but represent more marginal examples. This approach could be misleading and could lead data subjects to make false assumptions about their banks. We thus offer changes and amendments to highlight more effectively the potential (and, in many cases, already existing) benefits of automated decision-making and profiling in relation to the financial industry.
- Importance to ensure consistency between the approach undertaken by the WP29 and the existing EU/national legislation. The Guidelines should clarify that uses of automated decision-making for compliance with rules and guidance set by a regulatory authority are considered to be ‘authorised’. It is important to ensure full consistency with the approach adopted by other regulatory/supervisory bodies, authorities or agencies.
Subscribe to the EBF Weekly + FinReg Agenda
Every Friday at noon you can receive the EBF Weekly + Financial Regulation Agenda. This agenda presents an overview of upcoming European and international meetings and conferences in financial regulation, as well as important general financial and economic events and key EBF meetings for the week ahead. CLICK HERE TO SUBSCRIBE
Subscribe to the EBF Morning Brief
The EBF Morning Brief is published Monday through Friday morning and brings you the top banking headlines, relevant announcements from the EU institutions and the latest from the EBF and its members, national banking associations in 32 countries in Europe. CLICK HERE TO SUBSCRIBE
The post Automated individual decision-making and profiling–WP251: EBF comments on the Article. 29 Working Party guidelines appeared first on EBF.
]]>