You are here

ERR: Personal stories on financial portals inconsistent with data protection


Financial info portals which generate personal stories automatically will have to rearrange their actions in accordance with the Personal Data Protection Act. Currently, the way stories are generated does not comply with regulations.

Signe Heiberg, an adviser of public relations for the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), said information portals, mainly Inforegister, must completely rearrange their activities but appeals can be proposed until July 10.

Heiberg said: "We can say that going by the Inspectorate's legal analysis, this type of activity does not comply with data protection rules and principles. Personal stories, which are often false due to inaccurate facts or context, can not comply with data protection laws because the principles of purpose, minimality, and relevance are violated."

She added data must be accurate, relevant, and minimal to achieve its goals, which the people behind financial info portals currently have not complied with.

"The Inspectorate agrees that society needs mechanisms to ensure a transparent and honest economy, but if personal data has to be processed, it must be done while protecting their rights," Heiberg noted.

Exceptions can be made regarding personal stories for media outlets, she said, but only if the content has a purpose. This has also been explained by the European Court of Human Rights.

Heiberg said: "For Inforegister to gain rights to publish personal stories, they must first comply with legislation and the code of ethics set for Estonian press. The Inspectorate does not see personal stories as something in compliance with both legislation and the code of ethics. Even if portals could prove that some stories have a journalistic purpose, on 99 percent of cases that just is not true."

The standard handling of the so-called personal stories is also not neutral, according to Heiberg. Colorful descriptions are sometimes added and strong assumptions are made on the company's situation.

The Data Protection Inspectorate will wait to hear from the portals and the results of a conducted assessment before making a decision on the extent of necessary amendments.

Read more pressrealase in Estonian