The following was published to the IAJGS Records Access Records Alert mailing list:
CNIL, the French Data Protection Agency has published a white paper on data and means of payment. It may be read at:
https://www.cnil.fr/fr/la-cnil-publie-un-nouveau-livre-blanc-sur-les-donnees-et-moyens-de-paiement
The actual paper may be found at:
https://www.cnil.fr/sites/default/files/atoms/files/cnil_livre_blanc_2-paiement.pdf
This is in French only so a translation website will be necessary
https://www.deepl.com/en/translator
or
They have an online consultation open for comments until December 15, 2021.
You can send comments to: [email protected]
Or reply on this form: https://www.cnil.fr/fr/webform/consultation-publique-donnees-et-moyens-de-paiement-enjeux-pour-les-personnes-et
“The White Paper reviews the legal points of vigilance of the CNIL in terms of the application of the GDPR in the field of payments and outlines the avenues of support for professionals in this field. By providing legal certainty, the CNIL will contribute to competitive equality between players as well as to full compliance of these players with the GDPR.”
The paper focuses on: General Data Protection Regulation (GDPR); industry insights (potential of mobile payments and the importance of maintaining payment options) and European projects-that which will crat a European bank card network
If you use Chrome as your browser it automatically will translate to English if requested.
JDSupra has a legal news blog about this which may be read at:
https://www.jdsupra.com/legalnews/cnil-publishes-white-paper-on-digital-2493668/
CNIL notes specific concerns with:
Sensitive personal data
Highly personal nature
That paper says:
Although the CNIL does not require that payment data be stored exclusively in the EU, it does highlight the specific requirements that apply to international transfers of personal data, as well as the additional requirements resulting from recent legal developments in the EU (Schrems II)
To read the previous postings about the CNIL, European Union’s GDPR, Schrems’ litigation, and more, go to the archives of the IAJGS Records Access Alert at: http://lists.iajgs.org/mailman/private/records-access-alerts/. You must be registered to access the archives. To register go to: http://lists.iajgs.org/mailman/listinfo/records-access-alerts and follow the instructions to enter your email address, full name and which genealogical organization with whom you are affiliated You will receive an email response that you have to reply to or the subscription will not be finalized.
Jan Meisels Allen
Chairperson, IAJGS Public Records Access Monitoring Committee