The global electronic payment services market has grown rapidly in the area of financial technologies, commonly known as ＂FinTech.＂ To facilitate the integration of the single payment market in Europe, the EU revised payment services directive (PSD2) has been implemented into EU members domestic laws since 2018. PSD2 provides a legal foundation for open banking in order to balance the competition between new payment services providers and conventional financial institutions. PSD2 also recognizes that personal data has been collected and used more aggressively during the transaction of electronic payment services. In addressing the significance of personal data protection, PSD2 ensures the payment services users' right to data portability and integrates with GDPR's legal framework. By defining the ＂explicit consent＂ and refining the application of the principles of data protection, PSD2 and GDPR have formed a protective net for personal data to ensure data protection and portability. Given that Taiwan has recently integrated and amended its laws governing electronic payment institutions, this research is intended to provide reference for Taiwan legislators in the consideration of examining the current personal data protection law and establish a legal framework of protecting personal data during the electronic payment process. Strengthening the personal data protection can significantly boost consumers' confidence on electronic payment services and therefore further the development of the electronic payment services industry.