October 23, 2019

October 23, 2019

Subscribe to Latest Legal News and Analysis

October 22, 2019

Subscribe to Latest Legal News and Analysis

October 21, 2019

Subscribe to Latest Legal News and Analysis

CNIL Revised Guidelines on Payment Card Data Used for Online Transfers

On 15 November 2017 the CNIL created a special page on its website with a view to highlighting  its 2013 guidelines on processing of payment card data for online transactions (The 2013 guidelines were modified in July 2017).

The guidelines highlight the following:

  • The permitted purposes some of which have to be presented as separate to the data subject (e.g. retaining data for card fraud detection) or require a separate consent (e.g. retaining data or for future transaction),
  • The necessary data (identity of the cardholder is not one of them, except for fraud prevention),
  • The retention periods (in any event, the cryptogram cannot be retained after the transaction)
  • Information of the data subjects
  • Security measures
© Copyright 2019 Squire Patton Boggs (US) LLP


About this Author

Stephanie Faber Attorney Squire Patton Boggs Paris
Of Counsel

Stephanie Faber heads the Data Privacy & Cybersecurity Practice and the Intellectual Property & Technology Practice in the Paris office. She specialises in international business law, with more than 20 years of experience. Her legal practice encompasses business transactions and operations, as well regulatory and compliance work.

In relation to the Data Privacy & Cybersecurity Practice, Stephanie advises on:

  • GDPR gap assessment and compliance programs

  • Data breach...

33 1 5383 7400