Whether it is contactless payment, cryptocurrencies, or the digitization of payment transactions, several solutions make it possible to pay for a service or a product on a daily basis. WHEN CONFIDENCE PAYS: the means of payment of today and tomorrow to the challenge of data protection, this is the title of the white paper published by the CNIL on new means of payment.
With this document, the personal data protection authority wishes to draw attention to the application of the GDPR in the area of payments.
General Motors plans to invest $ 35 billion to accelerate on electric
A strong increase in new means of payment which worries the CNIL
“Significant changes in means of payment are underway, in particular since the start of the pandemic: increased use of contactless payment, decline in the use of cash, boom in online shopping” specifies Marie-Laure Denis, president of the CNIL. It is this strong growth in the use of new means of payment that raises questions in terms of privacy and data protection.
For the CNIL, “It is reasonable to define payment data as all the personal data used when providing a payment service for a natural person”. As presented in the report, the payments and associated transactions are not well known to the general public. While the economic stakes are considerable, the use of these increasingly digitized solutions can make it possible to trace personal activities or identify user behavior.
Limitation of fraud and compliance with the GDPR
The white paper reviews several points of legal vigilance of the CNIL in terms of the application of the GDPR. Eight key points have been raised in this document, they relate to the anonymity and security of payment data, and to the protection of the confidentiality of transactions. The authority goes even further by offering payment players to make their compliance with the GDPR a trusted asset to reassure the customer. The CNIL relies on one figure in particular: 68% of online shopping enthusiasts think that the security of data and transactions on an e-commerce site is a relevant selection criterion.
The CNIL reminds you, “Consumers are also protected by national and European regulations governing distance selling and by the principle that the supplier of payment instruments remains responsible for online fraud”. Fraud which increased by 5% in 2020 compared to 2019 and which mainly concerns remote payments.
The CNIL wishes to open a dialogue with the payment players of today and tomorrow
In September, the personal data protection authority launched its new self-assessment guide. It allows any organization with tools on the web to take stock of their level of compliance with the GDPR and detect their weaknesses.
The white paper written by the CNIL is only the first step in ensuring that the GDPR is respected from A to Z by all players in the sector. She wants to discuss with stakeholders and deepen the dialogue around new payment methods. A roadmap for educational solutions for individuals and support for professionals is proposed.
In addition, an online public consultation is open and available until December 15. It aims to collect the reactions to the white paper, but also any position, any testimony and any needs of the stakeholders. The CNIL thus wishes to refine its next stages of reflection around new means of payment.