Press release concerning the reference of personal data to the Credit Bureau
Regarding the request of S.C. Vodafone S.A. which suggests the expanding to the sphere of participants to the evidence systems like the credit bureau type by including the telephone companies, we underline that National Supervisory Authority for Personal Data Processing considers that, by adding the telephone companies to the evidence systems like the credit bureau type, will generate a serious infringement of the right to privacy.
The goal of the National Supervisory Authority for Personal Data Processing is to safeguard the right to privacy.
The point of view of our institution is based on the provisions of the European Human Rights Convention, Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Charter of Fundamental Rights of European Union, on the principles for processing the personal data stated at European level as well as through the national legislation.
Starting from the necessity to observe the right of persons not to be subject to automated individual decisions which evaluate the aspects like the credibility or solvency, the National Supervisory Authority for Personal Data Processing stresses out that the activity of transmitting the personal data to the evidence systems like the credit bureau type is likely to produce effects upon a significant number of citizens and to affect the privacy of natural persons.
We would like to emphasis the risks involved by the participation of telephony companies to the Credit Bureau, because this way it will mean that the telephony companies will have access to information held by banks which report their clients to the same Credit Bureau, which involves an infringement of the confidentiality of the relationship between the bank and its client, under the conditions in which the banking information are subject to banking confidentiality.
In case of accepting the telephony and the utility providers to the Credit Bureau system, this will get to the excessive report of personal data concerning the financial situation and the payment behaviour of the natural persons, likely to breach even the assurance of the right to a decent life in Romania.
With the same purpose, we underline that telephony providers dispose of the Preventel system, common, distinct and specific to the telephony sector, through which you can check the clients with debts resulting from a late payment/non-payments of the invoices issued.
As a result, Decision no. 105/2007 shall not be modified.
We reiterate that the National Supervisory Authority for Personal Data Processing issued Decision no. 105/2007 regarding the processing of personal data performed in an evidence system of credit bureau type systems, through which we regulated, mainly, the followings:
- only financial and credit institutions, leasing companies and insurance credit type entities can be participants to credit bureau filling system;
- the storage period of the data concerning the late payments (negative data) is of 4 years since the day of payment of the last unpaid rate or since the day of the last sent update in case of unpaid sums until the term established;
It is mandatory to previous inform the natural person, in writing, by phone, SMS or e-mail, at least 15 days before the day of the transmission to the credit bureau.