New trends of personal data protection in credit relations while transferring debt information to the third parties
The recent court practice proves for the banks (Bank) to pay more attention to compliance not only with the Personal Data Protection Laws, but also bank secrecy and consumer protection laws while transferring personal data of the borrowers (Borrower) to the relevant third parties involved in debt recovery. Furthermore, it may be necessary to restate the internal policies and contractual arrangements between the banks and borrowers to ensure obtaining proper consent on transferring personal data to third parties.
Specifically, at the end of July, this year the Court of Appeal upheld the ruling of the first instance court and declared illegal the transfer of personal data of the Borrower (defendant) to the debt collector by the Bank (respondent). In particular, the Bank transferred the data on address and debt of the Borrower. The courts confirmed the fact of breach of bank secrecy and consumer protection laws by the Bank. On this basis the Bank’s actions were qualified as unfair business practice.
The courts rejected assertions of the Bank that the consent on personal data transfer was granted by the Borrower under the document called “General Credit Terms” (SK: stipulates the right of the Bank to transfer Borrower’s data, terms of the agreement, debt status, etc. to the third parties). The courts found no reason to believe that “General Credit Terms” is a part of the credit agreement.
Finally, the court ruled on reimbursement of moral damages incurred by the Borrower and caused by the Bank. The courts came to conclusion that the debt recovery activity of debt collectors attracted by the Bank (SK: quantity and content of the messages sent to the Borrower) should be qualified also as unfair business practice.