NAIH, Hungary’s Authority for Data Protection and Freedom of Information, constantly receives inquiries on the legality of voice recordings. To clarify the ambiguities, NAIH issued its Guidance on Making and Using Voice Recordings. Now companies engaged in voice recording – in particular call centres, shared service providers and customer helpdesks – will need to revise their internal practices and policies to ensure compliance with NAIH’s Guidance. Revisions may be necessary to address, for example, the privacy information provided to customers, the applicable data retention periods, and data access procedures.
General data protection remarks
The Guidance states that if the recording is not required by law, the relevant person must consent to its making and further use and the company shall inform the person that the conversation is recorded in advance. Employers shall appropriately inform employees at telephone helpdesks of the processing of their personal data, which may include the recording of their voice as part of the customer service operation. Third parties may access the recordings of phone calls only upon the consent of both the caller and the receiver. NAIH provides that data access rights include listening to the recording again, and also receiving a copy of the voice recording for free. If a voice recording is made unlawfully, the competent court may still accept it as evidence, but unfortunately NAIH does not assess the specific privacy aspects of such a scenario, even though it occurs in practice more and more often.
Specific remarks for various industries
NAIH emphasises that companies operating customer service operations may process their recordings only for the term set out by law (usually five years for consumer protection purposes) or required for the fulfilment of the relevant contract. After that, companies shall delete all the relevant data, including backup copies. Companies must inform customers before the recording – e.g. before the customer service via telephone – about the company’s obligations pertaining to the making, storage and provision of the recording, together with the processing purpose and the relevant individual identifier of the recording. In the electronic communications sector, the retention period varies between 1 and 2 years, and data access rights can be exercised by listening the recording in an appropriate place, and/or receiving a copy of it. In the banking and in the insurance sector, the retention period is 5 years, and data access rights can be exercised by listening to the recording, and/or requesting a certified copy of the minutes of the call. NAIH sets out that banks and insurers can make voice recordings which do not relate to complaints only upon the customer’s consent.
Meeting participants must be notified in advance if the meeting will be recorded to facilitate the precise preparation of minutes. Attendees who do not consent to the recording should make their statements unrecorded, only to be included in the written minutes. The recording must be erased once the written minutes have been prepared and the time limits set for available legal remedies have expired.