Closed atoulme closed 2 years ago
chaals
commented
2 years ago What if we clarify what the counterparties' data concerning any party outside the BPI means?
The BPI MUST not provide any information that identifies a third party, not participant. How does the BPI know that? Is this a requirement that should be placed on usage?
Kasshern
commented
2 years ago Clarification does seem to be needed.
I originally interpreted this as requiring the BPI to ensure the privacy of the participating counterparties' data from sniffing of parties that exist outside of the BPI in question. It is clear that others are interpreting this requirement as ensuring data communicated by the participating counterparties within the BPI does not reveal the data/identity of third parties that are not participating within the BPI.
Therecanbeonlyone1969
commented
2 years ago Closing. Addressed with merged PR https://github.com/eea-oasis/baseline-standard/pull/173
It is not easy to understand the ramifications of requirement R17.
[](https://github.com/eea-oasis/baseline-standard/blob/main/core/baseline-core-v1.0-psd01.md#r18)A BPI MUST be able to provide privacy of the (commercial) counterparties' data concerning any party outside of the BPI.Does that mean that privacy is an optional element? Can we be more precise in our language here?