Over the past few months, our former payment provider Nexi S.p.A. (“Nexi”) requested access to private data, which we understood to be specifically the usernames and passwords of our supporters. We have refused this request. All our attempts to clarify Nexi’s request, or to understand how their need for such information was necessary and legal, were met with what we consider to be vague and unsatisfactory explanations relating to a general need for risk analysis.
Subsequently, we found ourselves unable to receive credit card donations through Nexi’s system. In the afternoon of 10 March, we were further informed that our contract had been cancelled a few days prior on 7 March, due to our supposed failure to meet their deadline to fulfil their request. This deadline was not communicated to us beforehand, despite us having been Nexi’s customer for the past 15 years.
This is completely crazy! As 450 supporters are affected, that is a huge amount of donations that were cut off!
Report them to the authorities. This is extortion of private data and needs to be investigated.
The authorities are probably the ones compelling them to collect this information.
In which case Nexi should be able to state clearly that they are required to ask for this data by law.
Yes they should, however often they are not allowed to disclose such information. Over the last couple of decades, governments have realised that they can sidestep onerous legal principles such as innocent until proven guilty by requiring financial services companies to enforce KYC rules and the like. These rules were sold to us as a way to prevent the mega rich from dodging tax and organised crime from freely spending and moving their money, but surprise surprise governments have no qualms using them against people who are not so clearly in the wrong.
So Nexi can’t justify it. FSFe would be entirely within their rights to seek a judicial path.
I’d happily contribute towards that case.