The complainant considered his fundamental right to confidentiality to have been violated by a bank’s recording of his customer call (without an opt-out option). These records covered all customer hotlines (including one for securities transactions) and the landline numbers of all the Bank’s branches, but excluded personal (mobile) numbers of individual customer service representatives.
The bank invoked its legal obligations as a payment service provider (Section 66 (1) ZaDiG 2018) and securities service provider (Section 33 (2) to (4) WAG 2018, Article 16 (6) and (7) MIFID II Directive).
The DSB has upheld the complaint. The ZaDiG 2018 cannot be used to derive a recording obligation that goes beyond the authentication of telephone banking orders. WAG 2018 and MIFID II would explicitly provide for a record-keeping requirement for telephone calls “in relation to client orders.” However, neither of these facts applied to the complainant’s call. The bank should therefore have set up its organization in such a way that telephone calls covered by a recording obligation are kept separate from other customer calls. This was also because the recording did not cover every customer telephone call without gaps anyway. The data processing was therefore excessive (violation of the principle of data minimization).
The decision has been appealed to the Federal Administrative Court and is therefore not legally binding.