+44 (0) 191 217 0775
FENCA Code of Conduct: General Data Protection Regulation (GDPR) and e-Privacy in the European collections market
31 August 2017
Leigh Berkley is External Affairs Director at Arrow Global, a CSA Board Director and Vice President of the Federation of European National Collections Associations (FENCA). He will be delivering a session at the CSA’s UK Credit & Collections Conference in September 2017 on the new FENCA Code of Conduct as part of the conference’s General Data Protection Regulation stream (GDPR). Book your place here: http://ukccc.csa-uk.com/
While the dust has long since settled on the various rounds of negotiations and debate that ultimately gave birth to the EU General Data Protection Regulation (GDPR) which comes into force next year, it is certainly not the end of the story. Indeed, in many ways, it is only just beginning.
Hopefully, your organisation will already be well down the road of preparing to implement GDPR. And for several months now FENCA, the Federation of European National Collection Associations, has been working towards creating a Code of Conduct for GDPR across Europe, to provide a level playing field for all customers and employees, and to help interpret the new regulation for our industry.
European Standard Business Practices
Having engaged legal representation, the first stage was to formulate and agree common European Standard Business Practices (ESBPs), which was basically a flowchart looking at the passage and use of personal data, and how such data is used throughout the collections process. Feedback on the ESBPs has now been received from all the FENCA members (including the CSA) and their responses are being assimilated.
In general terms, the ESBPs have met with almost universal approval. Of course, there are particular nuances within individual countries – especially when it comes to the point at which legal action is appropriate and how it works – but these specifics are going to be addressed in a more detailed questionnaire that is now being prepared. The purpose of this questionnaire is to define every step of the process for each country, after which the FENCA lawyer, Dr. Gero Ziegenhorn, will produce a first draft of the Code over the summer/autumn. A FENCA steering Committee and Working Party consisting of experts from credit firms across Europe have been established, and we are looking for representatives from European purchasers and collection agencies for the working party.
The CSA leading the way
The Credit Services Association has, of course, played a leading role throughout the GDPR debate, and has formed its own dedicated GDPR Working Party to support its members in the UK. The terms of reference and aims of the Working Party have now been set, with a particular focus on developing tools to support members, and the wider credit industry, in implementing the new regulations. Those wishing to lend their support and expertise on either the FENCA or CSA working parties can get engaged by contacting Claire Aynsley at the CSA on firstname.lastname@example.org.
It will also be one of the key themes of the UK Credit & Collections Conference on 14 September 2017 with a keynote presentation from the Information Commissioner’s Office’s Jo Pedder and a whole stream of workshops dedicated to GDPR including my session on the FENCA Code and others on data privacy impact assessments, and individual’s rights.
Riding in tandem with GDPR has been proposed regulation called the e-Privacy regulation. Whereas GDPR covers the issues of processing and storing personal data, the new e-Privacy regulations are concerned with how that data is actually transmitted. It is looking at, for example, how data is sent between the creditor and the debt purchaser/debt collection agency, as well as communications from the customer to the purchaser/collector direct.
Scheduled to come into effect in May 2018, at the same time as GDPR, the new regulation has not been without its challenges. Although a first European Commission draft has been out since January, extensive amendments have now been tabled by the European Parliament, led by MEP Marju Lauristin, who is the rapporteur for e-Privacy. FENCA has produced a position paper on the new proposals, strongly arguing that the provisions of the e-Privacy regulation should be harmonised and aligned with GDPR. The proposed EU Parliament amendments are ill-timed and ill-informed, and both FENCA and the CSA are now lobbying hard to prevent issues that were asked and answered in the original GDPR debate from resurfacing, so close to implementation.
The timescales are short, and implementation of e-Privacy may end up being delayed, but there is a clear urgency in agreeing our negotiating position and lobbying against particular excesses, such as a proposal to deny member states the right to vary the strict rules of the regulation to take into account local conditions, along with major restrictions on the transmission of data which is held perfectly legitimately under GDPR. Such amendments would not be in the best interests of CSA members, but more importantly, would similarly not be in the best interests of the digital consumer or the economy.
There is still plenty of water to flow under this particular bridge before GDPR and its supportive cast can finally be put to bed and I look forward to discussing all the issues further at the UK Credit & Collections Conference.