/ data protection / Privacy obligations for mobile payments

Privacy obligations for mobile payments

mobile payments

The Italian Data Protection Authority just launched a consultation on privacy-related obligations applicable to remote mobile payments that is based on draft regulations attached to the consultation document.

We already discussed about mobile payments that according to the data published by the University of Milan reported transactions for € 900 million in 2012 in Italy, but what are the data protection obligations applicable to telecom and Internet operators as well as to managers of e-commerce platforms and merchants? 

According to the position of the Data Protection Authority outlined in the draft regulations subject to consultation, among others:

  1. users shall be provided with a privacy information notice listing all the information required by Italian law also specifying whether the processed data will be used – with the prior user’s consent – for purposes other than the mere processing of payments such as marketing and profiling purposes; 
  2. stringent security measures shall be adopted with reference, among others, to the classification of the purchased goods/services, the encryption of stored data and  the information to be notified to the platform manager and to the merchant that shall not exceed what is necessary for the purposes of the transaction (e.g. it shall not mention that the transaction was not successful because of the lack of credit on the user’s SIM card); and
  3. data processed as part of mobile payment transactions shall not be stored for more than 6 months when they will be deleted. 

The above is a mere snapshot of the obligations provided by the draft regulations drafted by the Data Protection Authority, but I will be glad to discuss it further bearing in mind that the deadline to join the consultation is the 4th of March 2014.  For this purpose, feel free to contact me, Giulio Coraggio to discuss.  Also, if you want to receive my newsletter, please join my LinkedIn Group or my Facebook page. And follow me on TwitterGoogle+ and become one of my friends on LinkedIn.


IT, gaming, privacy and commercial lawyer at the leading law firm DLA Piper. You can contact me via email at giulio.coraggio@gmail.com or giulio.coraggio@dlapiper.com or via phone at +39 334 688 1147.

Send Us A Message Here

Your email address will not be published. Required fields are marked *