data protection supervision authority’s practice concerning exception provided in par. 2 of...
TRANSCRIPT
![Page 1: Data protection supervision authority’s practice concerning exception provided in par. 2 of article 5 of Directive 2002/58/EC DIJANA ŠINKŪNIENĖ State Data](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e525503460f94b47e1d/html5/thumbnails/1.jpg)
Data protection supervision authority’s practice concerning exception provided in par. 2 of
article 5 of Directive 2002/58/EC
DIJANA ŠINKŪNIENĖ
State Data Protection Inspectorate of the Republic of Lithuania
XIV Case Handling Workshop, Athens, 13-14 November 2006
![Page 2: Data protection supervision authority’s practice concerning exception provided in par. 2 of article 5 of Directive 2002/58/EC DIJANA ŠINKŪNIENĖ State Data](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e525503460f94b47e1d/html5/thumbnails/2.jpg)
2
Scope of the inspections
Recording of the phone conversations in 10 banks;
Compliance with the requirements of the Law on Electronic Communications of the Republic of Lithuania and the Law on Legal Protection of Personal Data (Data Protection Law).
![Page 3: Data protection supervision authority’s practice concerning exception provided in par. 2 of article 5 of Directive 2002/58/EC DIJANA ŠINKŪNIENĖ State Data](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e525503460f94b47e1d/html5/thumbnails/3.jpg)
3
Findings of the inspections
The phone conversations are recorded in 6 banks;
4 banks have special telephone numbers that are dedicated for business transactions and are not publicly available;
2 banks are recording the conversations when persons are calling by common phone number which is made public and dedicated also for information, consultations, etc.
![Page 4: Data protection supervision authority’s practice concerning exception provided in par. 2 of article 5 of Directive 2002/58/EC DIJANA ŠINKŪNIENĖ State Data](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e525503460f94b47e1d/html5/thumbnails/4.jpg)
4
Legal background
Recital 23 and article 5 of the Directive 2002/58/EC;
Paragraphs 1 and 3 of the article 63 of the Law on Electronic Communications;
Data Protection Law.
![Page 5: Data protection supervision authority’s practice concerning exception provided in par. 2 of article 5 of Directive 2002/58/EC DIJANA ŠINKŪNIENĖ State Data](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e525503460f94b47e1d/html5/thumbnails/5.jpg)
5
Directive 2002/58/EC
Recital 23:requires to ensure confidentiality of
communications in the course of lawful business practice;
allows recording of communications for the purpose of providing evidence of a commercial transaction;
parties to the communications should be provided with specific information prior to the recording;
Article 5 sets forth requirements for the confidentiality of communications.
![Page 6: Data protection supervision authority’s practice concerning exception provided in par. 2 of article 5 of Directive 2002/58/EC DIJANA ŠINKŪNIENĖ State Data](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e525503460f94b47e1d/html5/thumbnails/6.jpg)
6
Law on Electronic Communications
Paragraph 1 of the article 63 ensures the confidentiality of communications and prohibits any interception without consent of the parties concerned, except the cases provided by law;
Paragraph 3 of the article 63 allows legally authorised recording of information and related traffic data in the course of lawful business practice for the purpose of providing evidence of a commercial transaction or of any other business communication.
![Page 7: Data protection supervision authority’s practice concerning exception provided in par. 2 of article 5 of Directive 2002/58/EC DIJANA ŠINKŪNIENĖ State Data](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e525503460f94b47e1d/html5/thumbnails/7.jpg)
7
The concept of “commercial transaction and any other business
communication”
Oral financial transactions concluded by phone, for example:
stock exchange transactions;
currency exchange transactions;
money transfer.
![Page 8: Data protection supervision authority’s practice concerning exception provided in par. 2 of article 5 of Directive 2002/58/EC DIJANA ŠINKŪNIENĖ State Data](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e525503460f94b47e1d/html5/thumbnails/8.jpg)
8
The concept of “commercial transaction and any other business
communication”
Oral communications, directly related to the existing contractual relations between bank and its client, for example:request to block/unblock bankcard; order of the abstract of account;request for the information related to
circulation of money in the account.
![Page 9: Data protection supervision authority’s practice concerning exception provided in par. 2 of article 5 of Directive 2002/58/EC DIJANA ŠINKŪNIENĖ State Data](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e525503460f94b47e1d/html5/thumbnails/9.jpg)
9
The concept of “commercial transaction and any other business
communication”
Provision of some kind of information which is considered as the service according to the law, for example:
according to the paragraph 1 of the article 3 of the Law on Financial Institutions provision of information as well as advice on issues of the granting and payment of a credit is considered as financial service.
![Page 10: Data protection supervision authority’s practice concerning exception provided in par. 2 of article 5 of Directive 2002/58/EC DIJANA ŠINKŪNIENĖ State Data](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e525503460f94b47e1d/html5/thumbnails/10.jpg)
10
Decision of the Data Protection Authority
Provision of the information of general nature about banking services, its rates etc. falls outside the scope of exception laid down in the par. 3 of the article 63 of the Law on Electronic Communications and consent of calling person has to be obtained.
![Page 11: Data protection supervision authority’s practice concerning exception provided in par. 2 of article 5 of Directive 2002/58/EC DIJANA ŠINKŪNIENĖ State Data](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e525503460f94b47e1d/html5/thumbnails/11.jpg)
11
Decision of the Data Protection Authority
When exception concerning commercial transaction and any other business communication is applied, parties to the communications should be provided with appropriate information.
![Page 12: Data protection supervision authority’s practice concerning exception provided in par. 2 of article 5 of Directive 2002/58/EC DIJANA ŠINKŪNIENĖ State Data](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e525503460f94b47e1d/html5/thumbnails/12.jpg)
12
Requirements for the lawfulness
Consent has to be given in a way enabling a freely given, specific and informed indication of the user’s wishes;
In any case parties to the communications should be informed prior to the recording about the recording and its purpose.
![Page 13: Data protection supervision authority’s practice concerning exception provided in par. 2 of article 5 of Directive 2002/58/EC DIJANA ŠINKŪNIENĖ State Data](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e525503460f94b47e1d/html5/thumbnails/13.jpg)
13
Arguments submitted by banks
Phone numbers are designated only for commercial, not for private, communications;
Every communication, even provision of general information about banking services could have after-effects and could serve as the evidence;
When calling person is not the client of the bank, his identity is not being established, so he has not to be informed according to Data Protection Law.
![Page 14: Data protection supervision authority’s practice concerning exception provided in par. 2 of article 5 of Directive 2002/58/EC DIJANA ŠINKŪNIENĖ State Data](https://reader036.vdocuments.us/reader036/viewer/2022083007/56649e525503460f94b47e1d/html5/thumbnails/14.jpg)
14
Final results
It was agreed that:
When telephone numbers are not publicly available, it is sufficient to present appropriate information in the contract;
In other cases information about the recording and its purpose has to be delivered to the calling person in case of every call, before starting to record.