data protection supervision authority’s practice concerning exception provided in par. 2 of...
TRANSCRIPT
Data protection supervision authority’s practice concerning exception provided in par. 2 of
article 5 of Directive 2002/58/EC
DIJANA ŠINKŪNIENĖ
State Data Protection Inspectorate of the Republic of Lithuania
XIV Case Handling Workshop, Athens, 13-14 November 2006
2
Scope of the inspections
Recording of the phone conversations in 10 banks;
Compliance with the requirements of the Law on Electronic Communications of the Republic of Lithuania and the Law on Legal Protection of Personal Data (Data Protection Law).
3
Findings of the inspections
The phone conversations are recorded in 6 banks;
4 banks have special telephone numbers that are dedicated for business transactions and are not publicly available;
2 banks are recording the conversations when persons are calling by common phone number which is made public and dedicated also for information, consultations, etc.
4
Legal background
Recital 23 and article 5 of the Directive 2002/58/EC;
Paragraphs 1 and 3 of the article 63 of the Law on Electronic Communications;
Data Protection Law.
5
Directive 2002/58/EC
Recital 23:requires to ensure confidentiality of
communications in the course of lawful business practice;
allows recording of communications for the purpose of providing evidence of a commercial transaction;
parties to the communications should be provided with specific information prior to the recording;
Article 5 sets forth requirements for the confidentiality of communications.
6
Law on Electronic Communications
Paragraph 1 of the article 63 ensures the confidentiality of communications and prohibits any interception without consent of the parties concerned, except the cases provided by law;
Paragraph 3 of the article 63 allows legally authorised recording of information and related traffic data in the course of lawful business practice for the purpose of providing evidence of a commercial transaction or of any other business communication.
7
The concept of “commercial transaction and any other business
communication”
Oral financial transactions concluded by phone, for example:
stock exchange transactions;
currency exchange transactions;
money transfer.
8
The concept of “commercial transaction and any other business
communication”
Oral communications, directly related to the existing contractual relations between bank and its client, for example:request to block/unblock bankcard; order of the abstract of account;request for the information related to
circulation of money in the account.
9
The concept of “commercial transaction and any other business
communication”
Provision of some kind of information which is considered as the service according to the law, for example:
according to the paragraph 1 of the article 3 of the Law on Financial Institutions provision of information as well as advice on issues of the granting and payment of a credit is considered as financial service.
10
Decision of the Data Protection Authority
Provision of the information of general nature about banking services, its rates etc. falls outside the scope of exception laid down in the par. 3 of the article 63 of the Law on Electronic Communications and consent of calling person has to be obtained.
11
Decision of the Data Protection Authority
When exception concerning commercial transaction and any other business communication is applied, parties to the communications should be provided with appropriate information.
12
Requirements for the lawfulness
Consent has to be given in a way enabling a freely given, specific and informed indication of the user’s wishes;
In any case parties to the communications should be informed prior to the recording about the recording and its purpose.
13
Arguments submitted by banks
Phone numbers are designated only for commercial, not for private, communications;
Every communication, even provision of general information about banking services could have after-effects and could serve as the evidence;
When calling person is not the client of the bank, his identity is not being established, so he has not to be informed according to Data Protection Law.
14
Final results
It was agreed that:
When telephone numbers are not publicly available, it is sufficient to present appropriate information in the contract;
In other cases information about the recording and its purpose has to be delivered to the calling person in case of every call, before starting to record.
