1 / 15

DIJANA ŠINKŪNIENĖ State Data Protection Inspectorate of the Republic of Lithuania

Data protection supervision authority’s practice concerning exception provided in par. 2 of article 5 of Directive 2002/58/EC. DIJANA ŠINKŪNIENĖ State Data Protection Inspectorate of the Republic of Lithuania. XIV Case Handling Workshop, Athens, 13-14 November 2006. Scope of the inspections.

kane-franks
Download Presentation

DIJANA ŠINKŪNIENĖ State Data Protection Inspectorate of the Republic of Lithuania

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data protection supervision authority’s practice concerning exception provided in par. 2 of article 5 of Directive 2002/58/EC DIJANA ŠINKŪNIENĖ State Data Protection Inspectorate of the Republic of Lithuania XIV Case Handling Workshop, Athens, 13-14 November 2006

  2. Scope of the inspections • Recording of the phone conversations in 10 banks; • Compliance with the requirements of the Law on Electronic Communications of the Republic of Lithuania and the Law on Legal Protection of Personal Data (Data Protection Law).

  3. Findings of the inspections • The phone conversations are recorded in 6 banks; • 4 banks have special telephone numbers that are dedicated for business transactions and are not publicly available; • 2 banks are recording the conversations when persons are calling by common phone number which is made public and dedicated also for information, consultations, etc.

  4. Legal background • Recital 23 and article 5 of the Directive 2002/58/EC; • Paragraphs 1 and 3 of the article 63 of the Law on Electronic Communications; • Data Protection Law.

  5. Directive 2002/58/EC • Recital 23: • requires to ensure confidentiality of communications in the course of lawful business practice; • allows recording of communications for the purpose of providing evidence of a commercial transaction; • parties to the communications should be provided with specific information prior to the recording; • Article 5 sets forth requirements for the confidentiality of communications.

  6. Law on Electronic Communications • Paragraph 1 of the article 63 ensures the confidentiality of communications and prohibits any interception without consent of the parties concerned, except the cases provided by law; • Paragraph 3 of the article 63 allows legally authorised recording of information and related traffic data in the course of lawful business practice for the purpose of providing evidence of a commercial transaction or of any other business communication.

  7. The concept of “commercial transaction and any other business communication” • Oral financial transactions concluded by phone, for example: • stock exchange transactions; • currency exchange transactions; • money transfer.

  8. The concept of “commercial transaction and any other business communication” • Oral communications, directly related to the existing contractual relations between bank and its client, for example: • request to block/unblock bankcard; • order of the abstract of account; • request for the information related to circulation of money in the account.

  9. The concept of “commercial transaction and any other business communication” • Provision of some kind of information which is considered as the service according to the law, for example: • according to the paragraph 1 of the article 3 of the Law on Financial Institutions provision of information as well as advice on issues of the granting and payment of a credit is considered as financial service.

  10. Decision of the Data Protection Authority • Provision of the information of general nature about banking services, its rates etc. falls outside the scope of exception laid down in the par. 3 of the article 63 of the Law on Electronic Communications and consent of calling person has to be obtained.

  11. Decision of the Data Protection Authority • When exception concerning commercial transaction and any other business communication is applied, parties to the communications should be provided with appropriate information.

  12. Requirements for the lawfulness • Consent has to be given in a way enabling a freely given, specific and informed indication of the user’s wishes; • In any case parties to the communications should be informed prior to the recording about the recording and its purpose.

  13. Arguments submitted by banks • Phone numbers are designated only for commercial, not for private, communications; • Every communication, even provision of general information about banking services could have after-effects and could serve as the evidence; • When calling person is not the client of the bank, his identity is not being established, so he has not to be informed according to Data Protection Law.

  14. Final results • It was agreed that: • When telephone numbers are not publicly available, it is sufficient to present appropriate information in the contract; • In other cases information about the recording and its purpose has to be delivered to the calling person in case of every call, before starting to record.

  15. I would like to thank you for your attention. Dijana Šinkūnienė d.sinkuniene@ada.lt www.ada.lt

More Related