EDPB has adopted the Recommendations 2/2021 on the retention of credit card data in order to facilitate further online transactions.

The European Data Protection Board (EDPB) has adopted the Recommendations 2/2021 on the retention of credit card data in order to facilitate further online transactions.

In particular, the recommendations advise Data Controllers to implement adequate guarantees for data subjects and to guarantee them control over their personal data, in order to reduce the risk of unlawful processing and promote trust in digital transactions pursuant to the Regulation ( EU) 2016/679.

On this point, the recommendations highlight that the legal bases referred to in Article 6 of the GDPR other than consent would not be applicable to the scenario in which suppliers of online services and goods store credit card data for the sole and specific purpose of facilitating further purchases by interested parties: it is emphasized that it would be advisable to request explicit, specific and informed consent for further conservation by the interested party.