CNIL publishes a new White paper on payment data and means of payment

24 2022

CNIL publishes a new White paper on payment data and means of payment

What are the data protection challenges when making a payment? In order to raise awareness of the public, support professionals and anticipate future transformations, CNIL has published a new White paper which now can be read in its English version: "When trust pays off: today's and tomorrow's means of payment methods facing the challenge of data protection".

View 2.2K

word 758 read time 3 minutes, 47 Seconds

Economic transformations and challenges to privacy

Increasing use of contactless payment, decline in the use of cash, transfers between individuals, digital euro, etc. Significant changes are taking place in the area of payments, witnessing a triple upheaval: technological, competitive, and regulatory.

While the economic stakes are significant, the use of a particular means of payment raises important questions about privacy and personal data protection. The associated data (payment data, contextual data, even purchase data) may indeed make it possible to trace personal activities or identify individual behaviour. The anonymity of transactions, international data transfers, legal certainty in the application of the General Data Protection Regulation (GDPR), are all key issues in this field.

Payments and related operations are not well known to the general public. This is a complex field, not quite transparent, involving multiple players, and yet, a good understanding of it is a prerequisite for establishing a relationship of trust between individuals and innovative uses.

A new White paper to understand, support and anticipate

Faced with these challenges, the CNIL wanted to shed light on the main economic, legal and societal issues relating to data and means of payment, in the form of a White paper providing for perspectives, analyses and a roadmap for future work. This White paper is intended for:

  • the general public: for a better understanding of the privacy issues relating to data and means of payment;
  • professionals: for developments on the CNIL's points of vigilance in this area, as well as the priorities it foresees in terms of support.
It addresses a wide range of issues: from the variety of players with new competitive dynamics, to the international circulation of payment data - a sovereignty issue for Europe - via the question of anonymity and the use of cash, the new risks arising from the increasing digitalisation of payment operations, the use of "crypto-currencies", the practical application of the main principles of GDPR in the field of payments, etc.

The White paper reviews the CNIL's points of vigilance regarding the application of GDPR in the field of payments and it outlines the work to be done to support professionals in this field. By providing legal certainty, the CNIL will contribute to level the playing field between actors as well as to a perfect compliance of these players with GDPR.

It develops eight key messages for the ecosystem and the public debate:

  1. the preservation of the anonymity of payments, by the use of cash and the free choice of means of payment;
  2. the importance of protecting the privacy of transactions by design (from the outset) in the ongoing digital euro project, launched by the European Central Bank in July 2021;
  3. the prospective attention to pay to mobile payment, which has considerable development potential on the French market;
  4. the interest for innovative players to make their compliance with GDPR a factor of trust for customers who are led to entrust their data for new uses;
  5. the main points of application of GDPR on which CNIL wishes to provide legal certainty;
  6. the importance of security of payment data, with the "tokenisation" of this data as a good practice;
  7. questions on the localisation of payment data in Europe, as a contribution to the ongoing debate on European digital autonomy;
  8. recommendations for the future European card network, which is currently being created: EPI (European Payments Initiative).
As regards the legal points of vigilance, the CNIL will focus its attention on the status of actors in the payment chain, minimisation and purpose definition, data sharing and reuse, security, and fraud prevention. A compliance roadmap at national and EU level with the European data protection board (EDPB) will provide advice on the qualification of actors, the trend to enrichment of payment data, and mutualisation of data between players,

Finally, payment operations are located at the crossroads of different regulations, which requires close cooperation between the financial, competition and data protection regulatory authorities. It is worth making the voice of privacy protection issues raised by the CNIL heard in the national and European debates: deployment of instant payment, revision of the PSD2 directive, creation of the European financial data space.

Read the White paper

Source by Redazione

LSNN is an independent editor which relies on reader support. We disclose the reality of the facts, after careful observations of the contents rigorously taken from direct sources, we work in the direction of freedom of expression and for human rights , in an oppressed society that struggles more and more in differentiating. Collecting contributions allows us to continue giving reliable information that takes many hours of work. LSNN is in continuous development and offers its own platform, to give space to authors, who fully exploit its potential. Your help is also needed now more than ever!

In a world, where disinformation is the main strategy, adopted to be able to act sometimes to the detriment of human rights by increasingly reducing freedom of expression , You can make a difference by helping us to keep disclosure alive. This project was born in June 1999 and has become a real mission, which we carry out with dedication and always independently "this is a fact: we have never made use of funds or contributions of any kind, we have always self-financed every single operation and dissemination project ". Give your hard-earned cash to sites or channels that change flags every time the wind blows , LSNN is proof that you don't change flags you were born for! We have seen the birth of realities that die after a few months at most after two years. Those who continue in the nurturing reality of which there is no history, in some way contribute in taking more and more freedom of expression from people who, like You , have decided and want to live in a more ethical world, in which existing is not a right to be conquered, L or it is because you already exist and were born with these rights! The ability to distinguish and decide intelligently is a fact, which allows us to continue . An important fact is the time that «LSNN takes» and it is remarkable! Countless hours in source research and control, development, security, public relations, is the foundation of our basic and day-to-day tasks. We do not schedule releases and publications, everything happens spontaneously and at all hours of the day or night, in the instant in which the single author or whoever writes or curates the contents makes them public. LSNN has made this popular project pure love, in the direction of the right of expression and always on the side of human rights. Thanks, contribute now click here this is the wallet to contribute

Similar Articles / CNIL pub...f payment