What businesses need to be aware of in relation to digital wallets
Published in: February 2018
Technology has dramatically changed the world of commerce, and this is especially so when looking at how cash, and even credit cards, are losing some of their relevance with the increased use of the digital wallet. The ease with which a person can tap and go to make a purchase using their smartphone has given rise to a number of issues that businesses need to be aware of if they offer such services.
What is a digital wallet?
For the purposes of this piece, a digital wallet will refer to payments made using a smartphone, with Apple Pay and Android Pay as the two most obvious examples. Additionally, Australian banks have embraced payment via digital wallets, with many financial institutions providing the ability to complete tap and go payments through proprietary apps.
The primary legislative instrument in Australia safeguarding consumers is the Privacy Act 1988 (Cth) (the Act) which regulates how personal information is collected, used, stored and disclosed. More specifically, the Act includes the Australian Privacy Principles (APPs) that govern how the personal information of consumers should be handled.
The APPs allow businesses to collect personal information if it is reasonably necessary for the functions or activities of the business (APP 3), and businesses are required to notify consumers that such personal information is being collected as soon as practicable (APP 5).
One of the interesting aspects of the Act is that there is no standard that companies must adopt in relation to security and encryption; rather, the APPs stipulate that businesses take “reasonable steps” to protect information (APP 11).
There are many associated safeguards that are essential when looking at digital wallets; however, we’ll take a look at transactions and how breaches are to be dealt with in Australia.
Cloud based payments: one of the wonderful features of the internet is interconnected commerce, which includes entities such as Google Wallet. The primary issue is the cross-border nature of Google Wallet, and the question that needs to be asked is: how does the Act treat cloud based transactions? The Act allows transactions facilitated via the cloud; however, Australian businesses are required to take reasonable steps to ensure that cloud providers not based in the country are not in breach of APP 8 when collecting such information.
Security: arguably the biggest threat to consumers relates to fraud due to, for example, a website being compromised or the user suffering from some type of malware. However, one of the more interesting aspects of the Act is that there is no obligation for businesses to notify authorities or any consumers of data breaches. The notification is voluntary and is only applicable where there is a “real risk of serious harm” to the consumer, as outlined in the Data Breach Notification: A Guide to Handling Personal Information Security Breaches, published by the Office of the Australian Information Commissioner.
There are many more aspects to the issue of digital wallets and consumer protection laws that are outside the scope of this article. Businesses need to ensure that they are mindful of the APPs in relation to digital wallets.
Contact Eddy Neumann Lawyers on (02) 9264 9933 or