Voice recordings violate the General Data Protection Regulation (GDPR) when companies fail to provide callers the ability to opt out according to a ruling earlier this month by the Denmark Data Protection Authority. Under the GDPR, voice recordings are considered personal data. Therefore, companies that communicate with EU residents need to understand what the GDPR requires from a compliance perspective to avoid unwanted violations.
This Call May Be Monitored …. Requires Affirmative Consent
We have all heard some form of the following phrase right before a live person answers the phone, “This call may be monitored for training purposes…” Well, in this instance the caller asked the Company NOT to monitor the call for training purposes. The Company representative replied there was no way to turn the recording off. Based upon these facts, the agency in Denmark held the inability to turn the recording off when requested violated the GDPR. The Company argued unsuccessfully that by continuing on the call, the customer consented to having the conversation recorded. The agency disagreed and stated consent needs to be more than just tacit approval but rather a clear, affirmative and unambiguous choice to have your personal data recorded. Affirmative consent was not available in the foregoing example.
The take away here is that affirmative consent requires the ability to opt out. If there is no way to opt out, were you given a meaningful choice? Is tacit compliance enough? In Denmark, the answer was clearly no. Going forward, US companies that are subject to the GDPR should take notice of this ruling and pay careful attention to internal telephone practices. Click here for more information generally on the GDPR. If you have any questions regarding this or any other aspect of your business, please feel free to contact Doug Leavitt at Danziger Shapiro & Leavitt, P.C.
This entry is presented for informational purposes only and is not intended to constitute legal advice.