Privacy

Summary

PayPal works to put customer privacy at the forefront of everything we do, from our services to our business strategy. We believe privacy requires an ecosystem of protections which policymakers, customers, and companies can help strengthen. Standardization, tech innovation, and education will be crucial to achieving this.

70% of consumer spending is now done electronically.

PayPal Narrative

  • Privacy is about ensuring appropriate collection, use, retention, disclosure, and disposal of personal information. With more than 70% of consumer spending now done electronically, it is important to promote privacy protection that creates a uniform standard while being technologically neutral and based on Fair Information Practice Principles.
  • Privacy is one of the fundamental building blocks of the PayPal services. An effective privacy program requires collaboration between Global Privacy and the Business Units, Information Security and Data Governance. A robust privacy program will gain the respect and trust of our customers and employees, enable strategic use of data, and prevent customer harm.
  • In order to protect consumers’ privacy, it is important for governments and companies to work together in establishing a strong awareness in privacy. A 2012 survey by CSID found 61% of users reuse passwords across multiple sites. Therefore, a consumer’s privacy requires a strong ecosystem which can be achieved through this collaboration. 


Proof Points

  • PayPal has been a pioneer of tokenization technology, which helps protect customers’ data during transactions. Tokenization substitutes a person’s sensitive financial information with a series of non-sensitive numbers that confirm to the merchant a payment is authentic, helping to minimize the impact of data breaches.

Broader Ecosystem

  • PayPal is a founding member of the Fast IDentity Online (FIDO) Alliance whose mission is to find new methods of authentication that move away from passwords, towards biometrics (fingerprint, etc.). OneTouch payments is leading better data-driven authentication through device recognition. [PDF link]
  • The International Electrotechnical Commission (IEC) and the International Standards Organization (ISO) have developed “Principles for Developing ISO and IEC Standards Related to our Supporting Public Policy Initiatives.” These principles are aimed at creating international standards based on “objective information and knowledge on which there is global consensus” so as to provide the necessary guidance and tools for regulators and policymakers to implement better privacy policies. [PDF link]
  • In 1973, policymakers worked together to develop Fair Information Practice Principles (FIPP) that are designed to be a starting point when discussing privacy protection while remaining flexible enough so as to adapt to changing technologies and consumer expectations. [PDF link]

Our Vision

Regulators and policymakers need to work together to establish a comprehensive online privacy framework with well-defined terms and goals. There is also an opportunity to educate the consumer on best practices for guarding their own privacy in the online world.