We have been dealing with a number of issues related to mobile payments and data protection.
At the beginning of the new year, the Italian Data Protection Authority (Garante per la protezione dei dati personali) launched a public consultation on a draft regulation concerning the processing of personal data related to mobile remote payments.
The regulation is addressed to electronic communications providers, hubs offering products and digital services, and merchants offering digital contents and editorial services, multimedia products, games.
According to the draft regulation, at the purchase of the prepaid card or at the subscription of a telephone contract, merchants and telephone and internet service providers are required to provide users with an adequate information notice. Likewise, hubs processing data on behalf of the telephone operators are required to publish a page on their website, displaying the information notice and, when necessary, collecting the users’ consent.
The Data Protection Authority underlines that consent is generally not required unless operators and merchants carry out marketing activities, profiling or transfer data to third parties (in such case, a specific consent would be required).
In addition to the above, the Authority urges providers, hubs and sellers to undertake all necessary measures to protect the data, including specific systems aimed at avoiding data crossing and users profiling.
Finally, the regulation specifies that data cannot be retained for more than 6 months from the collection, while IP addresses must be erased by the merchants once the purchase procedure concerning the digital content is completed.
The regulation is aimed at ensuring more protection for user’s personal data.
Does the draft adequately address also all the operators involved in the revenue chain?
Happy New Year!