The Court considers  as valid  the fact that creditors can make phone calls to relatives or third persons related to the debtor, in order to try to contact it.

This decision  dated on March 14, 2013 annuls the € 50,000 fine imposed by the Spanish Agency for Data Protection to a financial institution which sent faxes to the workplaces of its debtors and made  phone calls to their relatives and neighbors in order to locate them. In particular, according to this decision the phone calls made to any third party other than the debtors should not be considered as an infringement of their privacy since such communications did not disclose any relevant detail of the late payment.

The Spanish Agency for Data Protection (AEPD) took into account the declaration of nine people who complained  about having received numerous phone calls trying to locate the debtor and facsimiles to the debtor workplaces in which it was stated that " The sooner you call, the sooner this situation will be solved."

The Spanish data Protection Agency found that the bank had infringed Article 10 of the Data Protection Act regarding the non- compliance with the obligation to secrecy, when it informed a third party about the existence of a debt. According to the cited article "The data controller and those involved at any stage in the processing of  these personal data, will comply with its obligations of confidentiality regarding personal data and its duty to safeguard them, these obligations will persist even once the relationship  with the owner of the data controller will be finished.” However, the Court has stated that these phone calls were necessary to try to contact the debtors and relevant details concerning the debt were not disclosed.

Undoubtedly, this judgment offers new opportunities to banks and recovery entities whose main issue is the localization of debtors. Notwithstanding, even if there is no breach of law as far as the details of the debt are not revealed, we wonder whether creditors and recovery entities are legally entitled to make phone calls to the debtors’ neighbors and relatives in order to locate them.

Accordingly, it is worth referring to the judgment dated on February 8, 2012 which annulled Article 10.2 (b) of Royal Decree 1720/2007 implementing the Data Protection Law. The referred article (that was further annulled) established some particulars cases in which the data processing without the authorization of the owner was allowed. These special cases were foreseen only in those circumstances when the data were accessible to the general public, provided a legitimate interest is pursued by the data controller and if no fundamental right is infringed. However the Supreme Court contested this article since it includes an additional requisite, i.e. the obligation that the data should be accessible to general public, whereas the Community Directive did not foresee it.

So, back to the question of whether financial institutions and creditors are entitled to contact relatives and neighbors in order to locate the debtor, we will be facing the situation in which the entity does not have the consent neither of the neighbor nor of the relative for the processing of their data, but a legitimate interest is pursued. Therefore, bearing in mind that article 10.2 (b) was annulled  the data controller does need to check whether the data of relatives are available for the general public.

In the light of the above, creditors and recovery entities, even in the absence of any authorization from the debtor’s relatives and neighbors, are entitled to contact them in order to locate the debtor provided the defaulting status is not revealed.