European Union: Adopted EDPB recommendations on credit card data storage

The European Data Protection Board issues recommendation 2/2021 on the legal basis for the storage of credit card data. The purpose is the facilitation of online transactions with sufficient data protection. The recommendations encourage a harmonised application of data protection rules regarding credit card data storage following transactions. It concludes that for such storage consent (art. 6(1)(a) GDPR) is the sole appropriate legal basis. The consent must be free, specific, informed and unambigous, devilered through clear affirmative action (e.g. not combined with the consent to terms of use) and requested in a user friendly way, allowing for withdrawal.