Understanding the Use of Identity Cards as Loyalty Cards: Data Protection and Legal Requirements Explained

2024-01-01 05:30:00

Many Belgians have loyalty cards, often kept in their wallets. These cards can also be digital and hosted on their smartphones using an application. But identity cards can also become loyalty cards.

Jean-Marc, a resident of Beaumont, has already used his to keep his tickets and guarantees. The former IT specialist contacted our editorial team via the orange Alert us button because he now has questions regarding the use of his personal data.

“I have already used my identity card as a loyalty card in stores or at the hospital. While doing my shopping, I wondered what information was collected. At first, it didn’t really bother me, like several stores did… It was followingwards that I asked myself the question. Why the identity card?”, he asks himself.

And to continue: “When we receive our identity card, we must also enter a secret code. As some stores ask for the identity card in order to replace the loyalty card, what is this secret code for? Is there a risk of identity theft?”asks Jean-Marc.

We asked these questions to Freedelity, a Belgian company specializing in the use of identity cards as a support for loyalty cards. Freedelity currently works with many brands such as Intermarché, Trafic and Mediamarkt.

What data is collected in stores?“From a general point of view, the data collected is often reduced to identification data (surname, first name, gender, date of birth, address), as well as technical keys to ensure uniqueness of profiles (excluding the national register) . The card does not contain any other publicly accessible information, and is of no interest to a business. It is neither more nor less than what you would fill out in a traditional form, but faster.”details Freedelity.

What is the secret code of the identity card used for?“The secret code is only useful on the identity card to prove one’s identity (authentication) to enter a portal, government type, or for a signature (at the notary for example). The card has three modes of use, identification (who am I?), authentication (I legally certify that I am this person), and signature.”

How can we control what stores or sites have collected?“For stores that work with Freedelity, everything is available on MyFreedelity, the data can be viewed, corrected and deleted there. For brands that don’t work with us, it’s on a case-by-case basis, but as I said in my first response, the data on the card is quite limited.”the company tells us.

What does the personal data protection authority think?

In Belgium, the Data Protection Authority (APD) verifies compliance with legal standards and in particular the General Data Protection Regulation (GDPR). And here are the limits of using the identity card as a loyalty card.

“Private sector operators are required, in certain circumstances, to ask a person to present their identity card. In certain cases, they must in fact identify the person for whom they provide or will provide a service. Only if your identification is necessary for a clear and precise reason communicated to you can such a request be made to you.“, indicates the APD on its website.

As they are not public authorities or police officers, private sector actors cannot force you to present your identity card (unless expressly authorized by law). Two situations can allow actors in the private sector (merchant, private library, lessor, banker, etc.) to read your identity card : obtain your prior, free, specific and informed consent, and the existence of a legal provision (see below), which requires them to collect your identification data using your ID card.

What happens if you refuse to have your ID card read as a loyalty card?

“Clear and precise information on the details of the processing that will be done to your data, if you consent to it, must have been communicated to you. If you refuse to have your identity card read, electronically or not, the service for which such a request is made to you must, all the same, be provided to you. No negative consequences for you can result from your refusal.”underlines the Data Protection Authority. “In addition, when an advantage or service is offered to you, through a computer application which requires the use of your card, an alternative which does not require the use of your identity card must be offered to you ( like a paper version of the loyalty card).

What legal provisions may require you to be asked for your identity card?

The law may require private sector actors to request your identification data via your identity card or by taking a photocopy or electronic copy of your identity card. Two situations are mentioned by the Data Protection Authority:

  • The anti-money laundering law requires various professionals such as banks, credit institutions or insurers to take a copy, on paper or electronic media, of the identity card of their new clients. The aim is to prevent the opening of accounts or transfers of large sums of money under false names or pseudonyms; which would facilitate money laundering.
  • The royal decree of March 14, 2022 relating to postal services empowers the postal service provider to verify the identity of the recipients of a registered item (such as a registered item) or their agent. To be able to prove that the identity of the recipient or his agent has been verified, the postal service provider takes a handwritten, photographic or electronic capture of the proof of identity.

A trader sanctioned in 2019

In November 2019, the Data Protection Authority sanctioned a merchant who only required the presentation of an identity card to create a loyalty card. This private sector actor should have offered an alternative to comply with the General Data Protection Regulation (GDPR). The Litigation Chamber considered that “ the reading and use of all the data present on the electronic identity card in a commercial context is data processing that is disproportionate to the objective of creating a loyalty card. “The administrative fine amounted to €10,000.

The merchant, however, defended himself in court and the fine was “broken” car “it should have been preceded by a reprimand”. The customer had also refused to show his identity card, so the merchant had not used it. The offense might not be clearly defined, but the case is not yet concluded because the Data Protection Authority has filed an appeal.

Identity card Data protection
1704117883
#JeanMarc #identity #card #loyalty #card #risk

Leave a Replay