Digital payment methods pose a risk to people’s privacy, according to the European privacy regulator EDPS (European Data Protection Supervisor) in a report. The EDPS regularly publishes a so-called TechDispatch to explain emerging technological developments. This time it’s about digital payment methods and their possible impact on privacy and the protection of personal data.
Digital payment methods require personal information
In addition to paying with a bank card, the EDPS also warns about the privacy risks of other digital payment methods, such as the use of smartphones, QR codes and NFC. Only cash payments do not involve processing personal data, according to the EDPS.
“Because of the way card-based payments work, traceability is inherent, exposing data subjects to a variety of risks,” the EDPS writes in the report.
The supervisor also explains how the processing of data with digital payment methods works. For successful payment, a device must authenticate the customer using data on a card or chip. Various software is needed during the process, such as software that makes the transaction easier and software that processes the payment.
According to the EDPS, digital payment methods are highly dependent on data processing. “The diversity of the actors involved in the process and the intensity of these processing operations have many implications for data protection.”
A lot of personal information known
By tracking someone’s payments, many details of his or her life can become clear. For example, investigative services use credit card payments to track down suspects. Various actors also observe the behaviour of payers in order to recognize patterns and prevent fraud attempts, the EDPS states.
The transactions that take place with digital payment methods make it possible to “determine a consumer’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life and sexual orientation. lead”, according to the EDPS.
The regulator also states that financial legislation obliges banks to keep information about transactions and bank accounts for a longer period of time. Storing data is necessary to fight tax evasion, money laundering and international crime.
While the EDPS mentions these as important objectives for society, it also states that this data collection relates to many aspects of citizens’ private lives. As the use of digital payments expands, it involves more and more details and personal information, according to the EDPS.
Risks for the future
Such a massive data set carries a general risk of mass surveillance and unintended use, according to the EDPS. For example, the data can be used for other purposes in the future or accidentally leaked.
The European Commission recently proposed the Digital Operational Resilience Directive. This should make the financial sector more resilient to cyber-attacks, and should also monitor external ICT providers, the EDPS said in the report.
Another payment method that is growing in popularity is Bitcoin. This method is also not completely risk-free, but it can be done in a safe and anonymous way.
Catch up on more articles here
Follow us on Twitter here