Guidelines 06/2020 on the interplay of the Second Payment Services Directive and the GDPR

Section 4.1  Silent party data

44 A data protection issue that needs careful consideration is the processing of so called ‘silent party data’. In the context of this document, silent party data are personal data concerning a data subject who is not the user of a specific payment service provider, but whose personal data are processed by that specific payment service provider for the performance of a contract between the provider and the payment service user. This is for example the case where a payment service user, data subject A, makes use of the services of an AISP, and data subject B has made a series of payment transactions to the payment account of data subject A. In this case, data subject B is regarded as the ‘silent party’ and the personal data (such as the account number of data subject B and the amount of money that was involved in these transactions) relating to data subject B, is regarded as ‘silent party data’.