Apple Pay: an Introduction

One of the most exciting elements of the Apple iPhone 6 launch in September was the announcement by Apple of the Apple Pay feature. Apple Pay is a near field communication (NFC) based mobile payment system that comes pre-installed on the iPhone 6. NFC technology involves a short-range, low power wireless link evolved from radio-frequency identification technology that can transfer small amounts of data between two devices held a few centimetres from each other. It is the same technology that is behind the ‘tap and pay’ debit cards that have been rolled out by Irish banks in the last number of years.

While Apple Pay was launched with the iPhone 6 in the US, it has not yet been rolled out in Europe with rumours predicting an Apple Pay European launch in 2015.

It is clear that Apple Pay has the potential to be a ground breaking technology that may change the way that consumers use their phones and, indeed, how consumers pay for goods and services.

However, while Europe might look like a promising market for such a technology, particularly with the more widespread use of NFC and contactless payment than in the US, Apple does face a number of significant challenges from a regulatory, data protection and security standpoint before rolling out this service successfully in Europe. The steps that Apple has taken to ensure that their Apple Pay product is well placed to meet both its regulatory obligations and the security requirements required in today’s electronic marketplace are both interesting and innovative.

Regulatory and Security Challenges and Solutions

Apple will need to ensure that Apple Pay complies with the EU’s E-Money directive which imposes license requirements on each undertaking seeking to issue e-money and/or to offer payment services within the EU. Whether and to which extent this will apply to Apple Pay depends on the details of the technology used and the payment flows involved.

Apple would also need to ensure that the collection and processing of the users’ personal (payment) data are justified under European data protection laws. It seems likely that the user data used by Apple Pay will fall within the broad definition of ‘Personal Data’ contained in both Irish and European data protection legislation and Apple will most likely be considered to be a Data Controller of the data collected and used by Apple Pay. Therefore, Apple will need to ensure that they are in compliance with the obligations imposed on Data Controllers under Irish and European data protection legislation at each stage of their Apple Pay service.