The increasing digitization of payment transactions, the development of contactless communications, the use of cryptocurrencies … CNIL is concerned about the implementation of the General Data Protection Regulation in the field of payments, which, according to the General of Personal Data, raises important questions regarding privacy and data protection.
“Payment data (bank data, contextual data, and even purchase data) can actually make it possible to track personal activities or determine the behavior of individuals.”, Cnil explains in A white book It was published on October 6. Anonymization of transactions and international data transfers are among the issues addressed in this very comprehensive document, which aims to highlight key economic, legal and societal issues of data and means of payment.
A wealth of information for each process
CNIL defines payment data as All personal data used when providing a payment service to a natural person. In concrete terms, this includes the identifiers of the means of payment, the amount of the transaction, the date and time of payment, the identity of the merchant, its IBAN, characteristics of the products purchased, the place of purchase, and identifiers. Card, geographical location, characteristics of the device used for online purchase, products expected before purchase, etc.
“This data is personal data, as it relates to an identified or identified natural person (the customer), directly or indirectly. Some of them qualify as personal data when taken individually, others due to their joint collection with other data for identification purposes (eg browser properties) or because they can be verified with others for the purposes of inferring a person (such as the amount of a transaction)”Cnil explains. They are valuable because they can be used to track buyer activity and commit fraud.
CNIL, wishing to develop a frame of reference in terms of GDPR compliance for all players in the payment sector, has chosen to stoke public debate and reflection around eight priorities, including maintaining the ‘anonymity of payments’, and the importance of protecting transaction confidentiality from designing The European Central Bank’s digital euro project, mobile payment development, promoting the development of “tokenization” to secure bank card transactions, payment data site in Europe.
“Unapologetic pop culture trailblazer. Freelance troublemaker. Food guru. Alcohol fanatic. Gamer. Explorer. Thinker.”
