Digital payment methods pose a risk to people’s privacy, according to the European privacy regulator EDPS (European Data Protection Supervisor) in a report. The EDPS regularly publishes a so-called TechDispatch to explain emerging technological developments. This time it’s about digital payment methods and their possible impact on privacy and the protection of personal data.
Digital payment methods require personal information
In addition to paying with a bank card, the EDPS also warns about the privacy risks of other digital payment methods, such as the use of smartphones, QR codes and NFC. Only cash payments do not involve processing personal data, according to the EDPS.
“Because of the way card-based payments work, traceability is inherent, exposing data subjects to a variety of risks,” the EDPS writes in the report.
The supervisor also explains how the processing of data with digital payment methods works. For successful payment, a device must authenticate the customer using data on a card or chip. Various software is needed during the process, such as software that makes the transaction easier and software that processes the payment.
According to the EDPS, digital payment methods are highly dependent on data processing. “The diversity of the actors involved in the process and the intensity of these processing operations have many implications for data protection.”
A lot of personal information known
By tracking someone’s payments, many details of his or her life can become clear. For example, investigative services use credit card payments to track down suspects. Various actors also observe the behaviour of payers in order to recognize patterns and prevent fraud attempts, the EDPS states.
The transactions that take place with digital payment methods make it possible to “determine a consumer’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life and sexual orientation. lead”, according to the EDPS.
The regulator also states that financial legislation obliges banks to keep information about transactions and bank accounts for a longer period of time. Storing data is necessary to fight tax evasion, money laundering and international crime.
While the EDPS mentions these as important objectives for society, it also states that this