Do you find contactless payment very convenient, keep some crypto on Binance, and resort to fractional investing? If these services have indeed managed to fit into a trend, the National Commission for Informatics and Freedoms (CNIL) is concerned about the practices of these new players in finance in terms of personal data, especially financial.
Digital payment players and new fintech shoots are not yet as regulated as banks. The result ? The CNIL is alarmed in a white paper about what the authority considers to be an increase in the abuse of users’ personal data.
Apple Pay, Klarna, Binance … fintech has a free hand to exploit your financial data
We can read in particular in the preamble of the report: “Payment data is personal data: purchase data, financial data, contextual data, it concerns many aspects of the existence of individuals. They can make it possible to ‘trace’ their personal activities, to identify their behavior, to be used to commit fraud ”.
It must be said that personal data is very valuable – especially when it comes to finances. Banks pay a high price for information on their customers. But thanks to the poor supervision of the fintech sector, the costs of acquiring this strategic data are very low for new payment operators and investment platforms.
Moreover, this is what largely explains the capitalization of some of these players. The leader in installment payments Klarna, for example, is valued at more than 45 billion euros. And we quickly understand why. By observing her clients, Klarna can easily tell which are good and bad payers.
What sell them more financial products while reducing the risk as much as possible. The same goes, according to the CNIL, for very popular payment operators like Apple Pay and Google Pay. To fight against this trend and its risks for users, the CNIL proposes, in its white paper, to force players in the sector to comply with the GDPR, the general data protection regulation in force in Europe.
It is also about finding ways to hide credit card numbers so that they are not used to track users. Imposing a regulatory role for fintech will nevertheless be complex. Les Echos quote the head of a large French bank who notes that the DSP2 directive has allowed the sharing of bank data to third parties – on the basis of consent.
Consent of users that these platforms generally obtain, which protects them against any excessive supervision by the CNIL. Do you also think that Fintech players should be more regulated? Worried about the use of your payment data? Share your opinion in the comments!