Utilizziamo cookie tecnici per personalizzare il sito web e offrire all’utente un servizio di maggior valore. Chiudendo il banner e continuando con la navigazione verranno installati nel Suo dispositivo i cookie tecnici necessari ai fini della navigazione nel Sito. L’installazione dei cookie tecnici non richiede alcun consenso da parte Sua. Ulteriori informazioni sono contenute nella nostra Cookie Policy.



Processing of personal data in databases of credit information agencies

PrintMailRate-it

​​​​​​​​​​​​​published on 21 May 2024 | reading time approx. 3 minutes

Personal data that entails the financial obligations of any person can impact the person’s ability to receive a vast variety of services if these services are connected to their creditworthiness, for example, mortgage, car, cash loans and many other services, going as far as even impacting the persons ability to procure a phone of their choice. 

For these service providers it is always a struggle to keep track of all the outdated information from databases containing peoples’ financial obligations but another question also exists, can people ask genuine information to be deleted on the grounds that it is a negative reflection on their prospects of different scope of services or because they did not consent for this data to be on these databases. Such is a case with credit information agencies that store credit related information of natural persons in order to make it easier for creditors to evaluate a consumer’s ability to repay the loan. This system is necessary because the EU puts forward legislature such as Directive 2008/48/EC and Directive 2014/17/EU which makes it a responsibility of the creditor to ensure that prior to giving out a loan a person’s creditworthiness is assessed and such databases are a useful tool for such actions.

This creates a conflict of interests. The credit information agencies legitimate interest that they follow is economic in nature and third parties such as credit companies have an interest in the information these agencies store in order to fulfill the obligation put forth by EU legislature and then there are also the interests of the data subject whose information is being stored. There has to be a balance between all of their interests.

To fulfill the “legitimate interest” condition it is necessary for the processing of information to be lawful, the basis for which is set in the GDPR Article 6. But lawfulness in itself entails also that the information has to be acquired to achieve a legitimate interest, for example, it can be an economic interest, second, it has to process personal data for the sole purpose of the legitimate interest that entails the condition that the legitimate interest cannot be reached just as effectively using other means that would be less restrictive on the rights and freedom of data subjects, third condition is that data subjects fundamental rights and freedoms do not take precedence over this legitimate interest this means that if such a case were to be before a judge each case has to be examined and the court has to balance interests of all parties. Credit information agencies have to abide by the “data minimization” principle so even if they can store personal data pertaining to a data subjects financial obligations they have to make sure to store only the minimal amount necessary for the fulfillment of their legitimate interest. 

Only when all of these conditions have been analyzed can it be determined whether certain processed information is needed for the “legitimate interest”. The previously mentioned conditions have to be fulfilled cumulatively, meaning they must exist at the same time, in order for the data processing to be seen as lawful. If information is seen to be unlawful, the credit information agency has the obligation to erase it as soon as possible. The data subjects have the right to request deletion of their data from these databases if they object to its processing. The credit information agency cannot continue the processing of data, in these cases, unless they have a legitimate interest that overrides the rights, freedoms and interests of the data subject.

 DATA PROTECTION BITES

Author

Contact Person Picture

Staņislavs Sviderskis

Assistant Attorney at Law, Cyber & Information Security Expert

Senior Associate

+371 6733 8125

Invia richiesta

 RÖDL & PARTNER LATVIA

Discover more about our offices in Latvia. 
Deutschland Weltweit Search Menu