The implementation of GDPR and PSD2 in the EU as well as the PSD2 alignment with GDPR, encourage central banks in various countries including Indonesia to immediately implement an open banking system that also prioritizes privacy data protection. The PDP bill principle of explicit consent must be applied in open banking financial transactions that in Indonesia as stated in the National Standard Open API Payment (SNAP) 2021 (a Technical Standards and Governance Guideline). However, there are some fundamental differences regulated in PSD2 when compared to SNAP which will hinder Indonesia's adequate GDPR. This research is normative research with statutory approach and comparative approach. The results showed that there are some fundamental differences between PSD2 and SNAP, including the parties involved, data portability and the concept of re-consent or re-confirmation which are not regulated in SNAP but regulated in PSD2, for the concept of sensitive data payment, neither SNAP nor PSD2 provide the specific concept, both define it broadly.

Books

ASPI, & BI. (2021). Standar Nasional Open API Pembayaran.

Google, Temasek and Bain & Company. (2021). E-Conomy SEA 2021—Roaring 20s: the SEA Digital Decade.

H Bajrektarevic, A. and M. K. A. (2019a, January). GDPR: Humanizing Cyberspace. The Jakarta Post, 6.

H Bajrektarevic, A. and M. K. A. (2019b, January). Twinning Europe and Asia in Cyberspace. International Institute for Global Analyses.

Leong, E. (2020). Open Banking: The Changing Nature of Regulating Banking Data-A Case Study of Australia And Singapore (NUS Law Working Paper No. 2020/024, NUS Centre for Banking & Finance Law Working Paper 20/03).

OJK. (2020). Roadmap Pengembangan Perbankan Indonesia 2020 – 2025.

Reynolds, F. (2017). Open Banking a Consumer Perspective. In Open Banking (Issue January).

Sudibyo, A. (2019). Jagat Digital Pembebasan dan Penguasaan. PT. Gramedia.

Journal Article

Ali, M. I. (2020). Comparative Legal Research-Building a Legal Attitude for a Transnational World. Journal of Legal Studies, 26(40), 66–80. https://doi.org/10.2478/jles-2020-0012

Arner, D. W., Buckley, R. P., & Zetzsche, D. A. (2022). Open Banking, Open Data and Open Finance: Lessons from the European Union. Open Banking, 147–172.

Bär, F., & Mortimer-Schutts, I. (2020). Innovation in Open Banking: Lessons from the Recent Wave of Payment Institutions that Have Been Authorised to Provide Payment Initiation and Account Information Services. Journal of Payments Strategy and Systems, 14(3), 268–285.

Benmoussa, M. (2019). API “Application Programming Interface†Banking: A Promising Future for Financial Institutions (International Experience). Revue Des Sciences Commerciales, 18(2), 31–34.

Buckley, R. P., Jevglevskaja, N., & Farrell, S. (2022). Australia’s Data-Sharing Regime: Six Lessons for Europe. King’s Law Journal, 1–31. https://doi.org/10.1080/09615768.2022.2034582

Dratva, R. (2020). Is Open Banking Driving the Financial Industry Towards a True Electronic Market? Electronic Markets, 30(1), 65–67. https://doi.org/10.1007/s12525-020-00403-w

Fabcic, D. (2021). Strong Customer Authentication in Online Payments Under GDPR and PSD2: A Case of Cumulative Application. IFIP Advances in Information and Communication Technology, 619 IFIP. https://doi.org/10.1007/978-3-030-72465-8_5

Farrow, G. S. D. (2020). Open Banking: The Rise of the Cloud Platform. Journal of Payments Strategy and Systems, 14(2).

Fiona Maclean, Christian McDermott, C. D. and A. S. (2021). Consent Under PSD2 and the GDPR: Squaring the Circle. Butterworths Journal of International Banking and Financial Law, 184–186.

H Bajrektarevic, Anis and Melda Kamil Ariadno. 2019a. “GDPR : Humanizing Cyberspace.†THE Jakarta Post: 6.

———. 2019b. “Twinning Europe and Asia in Cyberspace.†International Institute for Global Analyses.

Kirwan, M., Mee, B., Clarke, N., Tanaka, A., Manaloto, L., Halpin, E., Gibbons, U., Cullen, A., McGarrigle, S., Connolly, E. M., Bennett, K., Gaffney, E., Flanagan, C., Tier, L., Flavin, R., & McElvaney, N. G. (2021). What GDPR and the Health Research Regulations (HRRs) mean for Ireland: “explicit consentâ€â€”a legal analysis. Irish Journal of Medical Science, 190(2), 515–521. https://doi.org/10.1007/s11845-020-02331-2

Li, H., Yu, L., & He, W. (2019). The Impact of GDPR on Global Technology Development. Journal of Global Information Technology Management, 22(1), 1–6. https://doi.org/10.1080/1097198X.2019.1569186

Nurmalasari, N. (2021). Urgensi Pengesahan Rancangan Undang-Undang Perlindungan Data Pribadi Demi Mewujudkan Kepastian Hukum. Syntax Idea, 3(8). https://doi.org/10.36418/syntax-idea.v6i8.1414

Petrović, M. (2020). PSD2 Influence on Digital Banking Transformation: Banks’ Perspective. Journal of Process Management. New Technologies, 8(4), 1–14. https://doi.org/10.5937/jouproman8-28153

Rahman, F. (2021). Kerangka Hukum Perlindungan Data Pribadi dalam Penerapan Sistem Pemerintahan Berbasis Elektronik di Indonesia. Jurnal Legislasi Indonesia, 18(1). https://doi.org/10.54629/jli.v18i1.736

Remolina, N. (2019). Open Banking: Regulatory Challenges for a New Form of Financial Intermediation in a Data-driven World. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.3475019

Rizal, M. S. (2019). Perbandingan Perlindungan Data Pribadi Indonesia dan Malaysia. Jurnal Cakrawala Hukum, 10(2). https://doi.org/10.26905/idjch.v10i2.3349

Taekema, S. (2018). Theoretical and Normative Frameworks for Legal Research: Putting Theory into Practice. Law and Method. https://doi.org/10.5553/rem/.000031

Truong, N. B., Sun, K., Lee, G. M., & Guo, Y. (2020). GDPR-Compliant Personal Data Management: A Blockchain-Based Solution. IEEE Transactions on Information Forensics and Security, 15. https://doi.org/10.1109/TIFS.2019.2948287

Wagner, J. (2018). The Transfer of Personal Data to Third Countries Under The GDPR: When Does a Recipient Country Provide an Adequate Level of Protection? International Data Privacy Law, 8(4). https://doi.org/10.1093/idpl/ipy008

Wolters, P. T. J., & Jacobs, B. P. F. (2019). The Security of Access to Accounts under the PSD2. Computer Law and Security Review, 35(1). https://doi.org/10.1016/j.clsr.2018.10.005

Laws

POJK 12/2018 concerning the Implementation of Digital Banking Services by Commercial BanksDraft Law of the Republic of Indonesia concerning Personal Data Protection (PDP Bill)

Payment Services Directive Two (PSD2) EU

General Data Protection Regulation EU

Indonesian Personal Data Protection Bill (PDP Bill)

National Standard Open API Payment (SNAP) (Regulatory Technical Standard)

Regulation of Members of the Board of Governors Number 23/15/PADG/2021 concerning National Standards for Open Application Programming Interfaces

Bank Indonesia regulation number 23/11/PBI/2021 concerning the National Standard of Payment System

Roadmap for Indonesia Banking Development 2020–2025

Official Web

Deloitte Luxembourg. (2020). PSD2 and GDPR - friends or foes? Insights.

Open Data Institute. (n.d.). The Open Banking Standard. http://theodi.org/wp-content/uploads/2020/03/298569302-The-Open-Banking-Standard-1.pdf