On November 4, 2013, the data protection authority (“DPA”) of the German state of Rhineland-Palatinate announced two sets of recommendations for mobile payment systems, including contactless payments. The recommendations were prepared in conjunction with the state consumer protection agency, the Ministry of Justice for Rhineland-Palatinate, the mobile payment industry and research organizations.

The recommendations relate to:

  • data protection requirements (e.g., provision of notice, consent, technical and organizational security measures) in mobile payment systems; and
  • payment security aspects (e.g., authentication and authorization, transparency, security standards) to be considered in the creation and operation of such systems.