Transcript DATA PROTECTION ISSUES COMBINING OF PERSONAL DATA STORED IN DIFFERENT INSTITUTIONS

DATA PROTECTION ISSUES
COMBINING OF PERSONAL DATA
STORED IN DIFFERENT
INSTITUTIONS
9th Meeting of Central and Eastern
European Commissioners
June 4-6th 2007
Zadar
Neringa Kaktaviciute
State Data Protection Inspectorate
of the Republic of Lithuania
CONTENTS



Data combining by state institutions
Data combining by private institutions
Case law
2
DATA COMBINING BY STATE
INSTITUTIONS: Interdepartmental Storage of
Tax Data database is dedicated for:
- collecting of tax data which are processed by
institutions supervised and analyzed the tax;
- preparing of actual and high quality information
according to the collected data;
- providing combined information to the data recipients.
 Database stores data (without personal data) from
Ministry of Finance, State Tax Inspectorate, Customs
Department, State Social Insurance Fund Board,
Statistical Department, Financial Crime Investigation
Service
3
INTERDEPARTMENTAL STORAGE
OF TAX DATA (cont.)

Close future – personal data in Interdepartmental
Storage of Tax Data

Data protection problems:
a) duplication of personal data;
b) using of personal data for different
purposes;
c) lawfulness of purposes.
4
DATA COMBINING BY STATE
INSTITUTIONS: State Data Control Centre

-

State Data Control Centre which:
will enable automatically to exchange data between state
registers, information systems;
will provide electronic public services, which will be
provided by principle of “single window”;
will provide integrated and actual information pursuant
to data received from state registers, information
systems.
This centre will have Interdepartmental Storage of Tax
Data.
5
STATE DATA CONTROL CENTRE (cont.)

Data protection problems:
a) duplication of personal data;
b) using of personal data for different
purposes;
c) quality of data.
6
DATA COMBINING BY PRIVATE
INSTITUTIONS: Credit bureaus 
will store data about financial obligations,
performances of these obligations, persons’ salaries,
settlements.

The data will be received from banks, credit agencies,
other financial institutions and institutions which do
not provide financial services.
7
CREDIT BUREAUS

-
-
(cont.)
Advantages:
Each data recipients may apply directly to the credit
bureaus, but not to all banks, credit agencies and other
institutions.
Major circle of data recipients may get data.
Economy of extent.
Effective and safety data processing.
8
CREDIT BUREAUS

-
-
-
(cont.)
The Law on Legal Protection of Personal Data:
Banks and other financial institutions may apply to
each other when a data subject wants to get credit,
leasing;
Received data may be stored only for 2 working days;
Received data may not be combined with other data;
Banks and other financial institutions may get data of
the data subjects who have taken out credit, leasing:
name, surname, PIN, the type of the credit, its amount
and the deadline for the repayment of the credit.
9
CREDIT BUREAUS (cont.)

a)
b)
Law on Financial Institutions establishes that:
Before taking decision each financial institution must
make sure that client’s financial and economic state
allows expecting that client will be able to perform
obligations.
After concluding a contract financial institution must
constantly supervise whether client performs
contractual commitments.
10
CREDIT BUREAUS (cont.)
Business
 More institutions have to
have possibility to get
combined data for
evaluation of
creditworthiness
 Data combining is
necessary
 All data about persons’
financial and business
activities have to be
processed
The Inspectorate:
 Only the banks and other
financial institutions according
to the Law on Financial
Institutions
 Banks and other financial
institutions may apply to each
other, but not get combined
data from credit bureau
 Only data about provided
financial services related to
risk-taking, obligations to
financial institutions
 Data may be combined but not
processed for other purposes
11
CASE LAW

Genealogical tree – combining of personal data which
are obtained from Population Register using software
tool.

Police institutions, intelligence services use this
software tool which allows getting genealogical tree for
the purposes of those institutions.

Using of software tool is not legitimize.
12
CASE LAW (cont.)

Instruction to Police Department – to destroy the
software tool which allows to combine personal data
obtaining from Population Register and create
genealogical tree.

Police department appealed against Inspectorate’s
instruction to court.

Vilniaus region administrative court decided that using
of mentioned software tool conformed the legitimate
interest of police institutions – exercise of police tasks
determined in the laws.
13
CASE LAW (cont.)

The Vilnius region administrative court’s decision
was appealed against to Lithuanian supreme
administrative court.

Lithuanian supreme administrative court decided:
mentioned software tool is not legal;
software tool may be used for purposes of operational
activities.
a)
b)
14
Thank you!
[email protected]