Published on Wednesday, May 1, 2019 - 10:40 by Camilla Winlo
The Danish Data Protection Authority, Datatilsynet, ruled on 8 April that calls can only be recorded for internal training purposes with the consent of the caller. It has ordered YouSee A/S to temporarily stop recording calls until it is able to implement a technical solution enabling it to collect consent before recording calls.
We would recommend that any organisations that record calls review the ruling and consider whether it may impact their use of call recording technology. In particular, organisations should understand whether they will need to collect consent and, if so, whether their current technology is capable of this.
Organisations providing call recording technology should consider whether they are able to manage consent appropriately and ensure that they have taken reasonable steps to confirm that their systems are being used lawfully.
Points to consider
There are some specific circumstances that apply to this case that DPOs should review:
First, Datatilsynet does state that in some circumstances it may be possible to demonstrate a legitimate interest in recording calls but that YouSee did not establish this. It is possible that measures to reduce the potential harm, such as using sampling techniques rather than recording all calls, may have changed the decision. DPOs in organisations that are currently relying on Legitimate Interest may wish to revisit their Legitimate Interest Assessments in light of this ruling.
Second, it also appears that YouSee only gave ‘internal training purposes’ as a reason for recording the calls. In our experience call recordings can be used for a number of other reasons, such as providing non-repudiable evidence to support the investigation of a complaint. It is possible that Datatilsynet might have made a different decision where the recordings were made for a different reason. DPOs may wish to revisit the information provided to callers, ensure it accurately reflects all the purposes that the call recordings may be used for, and ensure that they have an appropriate lawful basis for those purposes.
Nonetheless, it is clear that the starting assumption in relation to call recordings should be that consent will be required and that the technology used should be capable of collecting consent and allowing callers to object to the recording.