CRA data protection & human rights act

[DavidP24]

Not sure if this goes under CRA or Data Protection, please move if required.

 

I am working on an EU complaint with some others about what to me seems a breach of the data protection act or at least article 8 of the human right act regarding privacy rights.

 

I have obtained company documents from a CRA (meant for their clients) that offer customers the opportunity to join what I will call a "club", when they join they agree to provide the data on their customers including monthly payments and an update of their address. In return they get some free access (depending on how much info they share) to CRA system. CRA then use that data to update alerts to debt collectors, information brokers and other clients.

 

My initial concern about this was about PURPOSE, the monthly payments are NOT credit payments, but for a broadband service (with 4 million customers), they even provide this customer information if the client prepays a year upfront. If the purpose of the CRA is about CREDIT then it seems entirely WRONG to pass on this information. If it was an energy company I would have a problem if the client were paying on presentation of the bill but tolerate it if the client added an outstanding bill to a monthly payment system which is in effect credit.

 

My next concern was that the broadband company provided no meaningful way for the customer to opt out of having their data shared, the only reference in the terms provided at the point of sale was that a customer may have an address check. There is a page on their website that says they share your data with CRA, it is very much a take it or leave it comment saying we do this for your own good.

 

If this is taken to it's logical conclusion McDonalds could share that you bought a burger, Petrol stations could share your purchasing location and so on.

 

I think we all should have a reasonable expectation of privacy that when trading with a company as a private individual.

 

I had a chat with a lowly member of staff at the ICO and they suggested that the CRA's are given carte blanche by the ICO and that we have to "account for ourselves", my response was that we do IF we decide to participate in taking credit but not if we do not take credit. They suggested that I might want to complain to the EU commissioners or I could complain to them first but they have a history of not going near CRA's.

 

SHOULD WE BE ENTITLED TO OPT OUT OF THE CREDIT REFERENCE SYSTEM OR AT LEAST CONTROL WHAT IS SHARED?

 

It would seem that Article 8 of the Human Rights Act thinks we should!

 

It talks about a PRIVATE LIFE...

 

The concept of a right to a private life encompasses the importance of personal dignity and AUTONOMY and the interaction a person has with others, both in private or in public.

 

The right to personal autonomy and physical and psychological integrity, respect for private and confidential information, particularly the storing and sharing of such information

 

Respect for privacy when one has a reasonable expectation of privacy and the right to control the dissemination of information about one’s private life.

It seems to me there is no autonomy (self-government) afforded to the consumer with regard to the storing and sharing of their information by these credit reference agencies. Especially for those that do not even take credit.

 

I think WHO I TRADE WITH and HOW MUCH I PAY it is a very private thing, especially if I am not given a MEANINGFUL way to opt out and to me that means a tick box where I say “NO YOU MAY NOT SHARE MY DATA WITH ANYONE WITHOUT MY EXPRESS WRITTEN PER OCCASION PERMISSION.”

 

I think this "club" should be totally illegal, it amounts to a data swap.

 

It seems to me that the ICO themselves by not enforcing this are in Breach of Article 8 as well as both the company providing the information and the CRA sharing the information.

 

I would be very grateful for comment from the members of this forum and any advice they may wish to provide.

[silverfox1961]

Hi

While I profess to not being up on the HRA and many aspects of the DPA, Thoughts do come to me on occasion.

 

You do have the choice of accepting whether a company shares your data or not. Don't sign. OK, you can't then take the service offered but that is your choice.

 

The original purpose of data sharing was to assist future creditors to assess whether you are a risk or not. I have no love for credit reference agencies but if I were a lender, how would I know if you were going to pay off a debt or not?

 

There are different criteria applied to consumers and businesses and access to them are limited in most cases. You can see who has checked your file whereas others cannot (dependant on the search)

Defaults or late payment markers as well as good payments are there to be seen by a creditor which helps them make wise choices.

 

While you are in a contract that allows CRA access, the only way i know of stopping them is by cancelling the contract.

 

While article 8 of the HRA does give you the right to privacy, I can't for the life of me see why your credit file forms part of it unless the creditor disseminates it without lawful permission. They have a duty of confidentiality.

[DavidP24]

Thanks for reply, I have no problem with people who take credit being subject to CRA, as you say if someone is going to sell you a £1500 mobile phone over two years they want to know you can come up with the payments.

 

However, you seemed to have missed my point, I am not taking credit, was not told during sign up process that my data would be shared and as a utility it is not credit. I prepaid annual contract and still they shared my data every month.

 

Consumers should have a RIGHT to not participate in CRA, I do not want to engage them because they even add that to their records. I realise that in itself will reduce my credit worthyness but that is my decision.

 

I cannot think of anything more private than ones credit status, I am not a creditor I am a customer and that is my point, it is unlawful.

 

Their terms which were hidden at the point of sale said they would do an identity check, that is fair enough, but not that they would share my data every month, There was no meaningful way of opting out and you are tied into a contract for 18 months.

 

Then I find that they are only sharing my data (along with that of four million others) to get themselves free access to CRA.

 

As I said, access to this data is shared with a plethora of companies, some of whom sell it on.

 

For example Capita shareholder services use the CRA data to find shareholders, that has nothing to do with credit, they just have an alert on people and get a notification when you make a payment to a company.

 

The thing is nobody really knows who it is shared with once it is provided. It is beyond your control.

[Ford]

technically, the HRA is applicable re against a 'public authority' (as defined) only. although there is debate as to its 'horizontal effect' ie its application between individuals (inc companies) where the 'arbiter' is a public authority.