If the client does not approve the use of his personal data, he may be left without any service or benefit, sanctions will follow in a few days

When entering the account on the line A message comes from the bank that many people ignore and give X to proceed with a transaction or a payment, but this piece of information that is not read is very important: it is authorization for the processing of personal data. Failure to pay attention may leave you without this service. And not only in banks, supermarkets have also launched campaigns to update affiliations so that the client does not lose benefits or win prizes.

They already have the data of their clients, but because this week is the deadline for sanctioning those who do not have the permission of the owner of that data, as prescribed by the Personal Data Protection Act, which came into force on May 26. 2021. The first transitional provision of this rule states that “the provisions relating to educational measures and the sanctioning regime shall enter into force two years after the publication of this law in the Official Gazette.”

‘Delete me from database’, the solution to persistent sales and promotional calls

In accordance with this law, for example, Banco del Pacífico informs its clients that they must give consent to the subject for the processing of their personal data for the financial service, guaranteeing compliance with applicable regulations and the protection of their personal data. In this way, you can group them, segment them, collect them in a database and generally use your personal and credit information. In addition to “sharing or communicating with third parties for purposes necessary as a client or financial user, such as managing bank accounts, means of payment or generally for products offered by the Bank: for credit analysis, creating information models and/or profiles of current and predictive behavior, processes of in-depth analysis or in general any other review that is necessary for the stated purposes and for the prevention of money laundering, financing of terrorism and other criminal acts”.

In Banco Pichincha, the authorization indicates that the information will be used to assess credit possibilities, deliver personalized offers and that “data processing will have the following purposes: preparing and/or segmenting profiles; performing credit analysis including through automated techniques; developing commercial actions of financial and/or commercial products and services; and/or, market and promote (including sending advertisements in any way) various financial and/or commercial products and services”. In addition, the authorization contains the client’s confirmation that “the bank has the right to limit or terminate the business relationship in in case of revocation of this authorization”.

The Association of Banks of Ecuador (Assobanca) also emphasizes that “if the client does not accept the use and management of his personal data, this could affect the provision of services that the financial institution currently provides, given that the processing of personal data, in accordance with the legal framework, is necessary for the optimal provision of services” .

But it ensures that when a customer accepts that the bank can use their personal data, the said authorization is specific to the service requested. And “under no circumstances is it implied that your information is used or shared so that third parties can offer their services.”

Organic law on personal data protection adopted in the Official Register

Companies are bound by the Personal Data Protection Act, which establishes legitimate treatment, to prove that they are for related purposes or complementary services and have consent (Articles 7, 8 and 9), but users also acquire the right to know what information of your data they have, request corrections , deletion or object to the processing of your data (Articles 12 to 20). And this can be complete or partial and would suit cases where the company requires full acceptance of its terms, says Alejandro Varas, an expert in digital business and data protection.

However, he believes that the client can feel comfortable with these authorizations because the goal is to prevent misuse of personal data for commercial purposes and without consent. “It’s time for people to stop being afraid of reporting information in safe media, from safe sources, because there is already a law that will protect their rights.” He sees the problem in the fact that people do not want to read, find out, know that this law should eventually eliminate the purchase of databases of dubious origin.

Is there protection of our personal data?

The executive president of Asobanco, Marco Rodríguez, says that “based on the progress of new technologies and the vision of most industries to protect the information of their clients or users, it was necessary in Ecuador” to issue framework regulations regulating the processing of personal data. The banking system believes that the Personal Data Protection Act is “a positive and appropriate measure, which harmonizes all activities with international standards in dealing with the personal data of its clients and users”. He comments that before the publication of this standard, even before 1994, the financial system was the first to begin a continuous and sustainable process of adapting its policies and controls based on good international practices for information security and its clients’ data, that many of the provisions contained in the new law, banks have already adjusted.

“In this way, together with the new regulation of the law, the banks revised each of the contracts on financial products and services that they concluded with their clients in order to add or change clauses in accordance with the new legal provisions and in favor of the rights of their clients. In addition, the Bank Administration has adopted by-laws on control and supervision, which determine the general parameters by which banking entities must comply with the provisions of the aforementioned law,” he adds.

In the commercial sector, campaigns focused on promotion were selected: