France: CNIL publishes white paper on GDPR application to payment data

On 23 February 2022, the National Commission on Informatics and Liberty (CNIL) issued a white paper entitled “When trust pays off: today’s and tomorrow’s means of payment facing the challenge of data protection”. The paper outlines the data protection challenges identified by CNIL resulting from the increasing use of digital means of payment. The CNIL noted that data associated with digital payments, e.g. payment data and purchase data, could be used to trace the activities and the behaviour of any individual and as a consequence compromise their anonymity. Furthermore, CNIL outlined how the General Data Protection Regulation (GDPR) applies to payment data and stated that some issues have to be addressed by the competition regulation, financial regulation and consumer protection law. Finally, CNIL listed several recommendations to ensure the protection of individuals' payment data, noting the importance of incorporating them in the design of new digital payment tools, including in the digital Euro project and the European card network.