[Semaphor]

Were old transactions grandfathered in, or did Germany implement the laws differently? Because I never had to do any authorization besides checking a box that I allow them to debit my account (either on paper or online). All my existing ones predate PSD2, though.

[grncdr]

I'm fairly certain that SEPA mandate identifiers for recurring direct debits existed for years before PSD2. the way it works from the merchant perspective is you include the mandate identifier and a "type" to indicate if this is a first/recurring debit. The merchant only finds out about any problems some days (or months) later.

How your bank presents (or doesn't present) a new SEPA mandate to you for approval is up to them. I'd guess that at least some of them never show you anything, and assume that you will notice and revoke the payment if it was unexpected or fraudulent.

[Semaphor]

Neither Postbank, N26, nor the 2 Sparkasse branches I’ve been a customer of ever showed me anything for approval, so I guess it’s not very common.