Smartphones are more popular than ever. Consumers can download a wide range of applications to make their lives easier. For example, thanks to mobile payment applications at the point of sale (MVPP), they can pay for their purchases without opening their wallet, and even group all their payment, gift and loyalty cards together in an electronic wallet.
In order to operate, MVPPs require a great deal of personal information. This raises major privacy issues. On the one hand, these applications pose
challenges with regard to the disclosure and communication of important information concerning the collection, protection and dissemination of personal information, as set out in the
privacy policy.
On the other hand, they pose challenges because of their use on mobile devices, which allows for the collection of a wide range of personal information. To determine how companies offering MVPPAs are informing consumers about these issues, we studied their privacy policies, then used all the MVPPAs available for use in Montreal during a given period. Our analysis reveals that many of the privacy policies are flawed. Sometimes, they are difficult to access or lack clarity, and sometimes they are poorly adapted to the context of mobile information communication.
While many privacy policies define personal information differently from that of the OPC, others are problematic in terms of how to obtain consumer consent. Although, in today's context, it is normal for applications to collect the personal information required for mobile payments, some APMPVs collect too much personal information. Some MVPAs collect too much.
To get the pulse of consumers, we held six focus groups, three in Montreal and three in Toronto, with MVPA users. The majority of participants were
surprised by the large amount of information collected by these applications and shared with third parties, to the point where some said they were ready to reconsider their usage habits. They felt that privacy policies should be better adapted to the mobile medium, which is particularly user-friendly and dynamic.
What's more, not everyone understands the mobile payment system. It can be difficult for consumers to understand how their personal information will be handled during the payment process. It is therefore essential that privacy policies are transparent and easy to understand. However, some of them are not. Companies need to improve their practices, in particular by taking privacy into account right from the design stage of a device (integrated privacy design). This is the only way to protect consumers and ensure their trust, a sine qua non for the mobile payment system.
