Articles by: Nikola Musilová


Priority for EBA: Access of third parties to dedicated banking interfaces with no obstacles

In June 2020, the European Banking Authority (EBA) published an Opinion clarifying certain provisions of the Regulatory Technical Standards (RTS) on strong customer authentication (SCA). The Opinion clarifies the setup of the interfaces that account servicing payment service providers (ASPSPs) provide to third parties, specifically to account information service providers (AISPs) and to payment initiation service providers (PISPs). These interfaces must be set up in a way that imposes no obstacles on their use by these third parties.

25. 6. 2020

E-shop Must Pay Compensation to a Client for a Login Data Breach

In the case of a user who sued a Czech e-shop provider for a login and identification data breach, the Court reached a judgement and awarded financial compensation to the plaintiff. Would you like to find out more? Read the December issue of our TechLaw Newsletter. In the field of personal data protection, we further analyse the draft methodology of the Czech Office for Personal Data Protection regarding the correct conduct of the data protection impact assessment. Furthermore, we discuss important European case law concerning the limits of employee monitoring.

28. 1. 2020

What Does the RTS on SCA Bring with Regard to Statutory Audits?

The regulatory technical standards for strong customer authentication (the “RTS to SCA”), which entered into force on 14 September 2019, brought a number of new obligations for payment service providers, including banks and payment institutions. The media mostly mention the new requirements for strong customer authentication, in particular when initiating electronic payments (whether card payments in a store, the purchase of goods in an e-shop, entering an order in online banking or other acts), which must now be two-factor (i.e. consisting of a combination of two or more elements from the categories of ‘knowledge’, ‘possession’ and ‘inherence’). However, the regulation also brings new obligations of a purely internal nature, specifically the obligation to carry out internal audits: an audit of security measures (“audit of security measures”) and an audit of the way in which the so-called transaction risk analysis is carried out (“TRA audit”). What are these two types of audits about and what is their substance?

25. 11. 2019

Uncertainties regarding the processing of biometric data persist; experts’ opinions on their processing differ

In recent months, the Office for Personal Data Protection (the “Office”) has attracted the attention of both the professional and non-professional public with its decisions and statements on the processing of biometric data, specifically in relation to dynamic biometric signatures and attendance systems. As a number of issues remain open under the new data protection legislation, the opinions and approaches of experts regarding the conditions under which such data may be processed differ as well. What does the professional debate currently deal with?

19. 9. 2019