How do I give consent for a Third Party Provider (TPP) to access my account data?
When you sign up with a Third Party Provider (TPP) for account information services, the TPP should give you enough information to understand the nature of the service being provided and how it will use your data, including whether it will share your data with anyone else. It will need to get your consent to access your data for the purpose of providing services to you.
TPPs that can initiate payments on your behalf also access your account to do so, but in a more limited way than for account information services. If you are making a payment using a Payment Initiation Service Provider they will ask you before they initiate the payment where you give your consent for them to do so.
TPPs that issue cards or e-wallets, which you can use to make payments from any account you have linked to that card, will also have to ask for your consent before they can ask us to confirm if you have enough money in your account to make a payment. You will also need to provide your consent to us before the TPP can begin this service for you.
Companies that access your data need to comply with data protection law. Banks, building societies and other payment services providers, including Account Information Services (AIS) and Payment Intitiation Services (PIS) providers, will be subject to the General Data Protection Regulation as well as the requirements of PSD2.
If you have a concern about a breach of data protection, you can contact the Information Commissioner’s Office.