Customer update – Confidentiality in advanced payment methods
Nowadays, the main advanced payment methods active in Israel operate in two main configurations: (1) the payment methods for the transfer of funds – transfer of funds between individuals (P2P) or collecting payments within a group ; and (2) Payment in a business – payments are transferred directly to the business via a smartphone and / or other smart device using NFC technology.
In general, the PPA notes that there are many advantages to using advanced payment methods, however, while using these means, there are important issues of data privacy and security, given that according to a review performed by the PPA, these advanced means collect sensitive data about users which enables the data collector to analyze the behavior (both general and economic) of users in a way that can attest to the personality of the users, to their preferences and lifestyle, while sometimes doing so for commercial purposes and in some cases the transmission of such data to third parties.
In light of the above, the PPA notes that care must be taken to ensure that the use of advanced payment methods is done in a manner that protects user privacy and allows users to control this data. To this end, the PPA is developing a series of recommendations which, in the opinion of the PPA, express the best way to implement the provisions of the Privacy Act 1981 (the “Law“), And to give due importance to the issue of the privacy of users of advanced payment methods.
Here are the main recommendations of the PPA:
- Consent to use other technologies – any material change in the type or identity of technologies used in advanced payment methods, will be presented to users in order to obtain renewed active consent on their behalf, including detailing the possible meanings and implications of said changes on their privacy.
- Termination of engagement and data retention – the confidentiality policy and the conditions of use of the advanced means of payment will include details concerning the format of disconnection of the various services, the consequences of such disconnection in terms of keeping the personal data collected and the uses of this data after said disconnection. A request to disconnect or terminate the engagement with these various services and the removal of the applications will also result in the end of the use of the data and their processing for commercial purposes, and the retention of personal data will only be carried out for needs. needs to provide services, the vitality of which is not diminished even after disconnection from it, or for legitimate and specific purposes such as defense in legal proceedings initiated by the client. The termination of the use of an operator’s advanced means of payment by a user does not necessarily affect the continued storage of data collected in connection with other means of payment of that operator which are still used by the user.
To read the policy in its full form (in Hebrew) >> Click here