Many professionals want to keep a recording of a telephone conversation, believing that this constitutes proof of a contract, even without written confirmation.
However, the question is not always obvious. So, is this practice legal? What are the conditions to be respected and the rules in force? The National Commission for Computing and Liberties delivers its answers.
Recording is authorized as long as it constitutes the only solution of proof
From a legal point of view, recording a telephone conversation as proof of the formation of a contract is authorized. However, any organization or company wishing to do so must, in its capacity as data controller, prove that this is the only way to prove that a contract has been concluded with the data subject. Contracts that can be concluded orally and those that require written confirmation should therefore not be mixed up.
The CNIL tells us that registration must be necessary. Some contracts fall within the scope of an oral subscription. ” Only conversations relating to the conclusion of a contract by telephone may be recorded “, explains the data constable. This means that the teleoperator you have on the phone can only record the conversation if the subject of the conversation clearly relates to the conclusion of the contract and if it constitutes the only means of proving that there is a contract.
There are cases where certain authorities, such as the Directorate General for Competition, Consumer Affairs and Fraud Prevention (DGCCRF) or the Financial Markets Authority (AMF), carry out checks on the obligations that teleoperators must respect. . This is the case, for example, when you carry out a transaction with an investment service provider, or when insurance distributors carry out canvassing. The authorities indeed want to ensure that the obligations in terms of customer information are well respected.
Simple rules to follow to protect the people on the other end of the line
There are clear rules that help protect customers, users, providers or prospects. First, the persons concerned by the registration must be informed ” in a concise, transparent, comprehensible and easily accessible manner, in clear and simple terms of how data about him is processed.
To comply with the GDPR, the teleoperator must thus indicate the objective pursued by the telephone call, the identity of the data controller, the existence of the processing, the duration of the data retention and others such as the procedures for exercising the rights. access and rectification. An oral mention of these elements is imperative. The CNIL also recommends a reference to a website, of the “legal notices” type.
In addition, the service or operator must make sure to secure the personal data of the interlocutor, but also limit the retention period of the recordings. The common law limitation period is five years.
And for bank details, registration or not?
The collection of banking data is a sensitive point. By subscribing to a contract or reserving a stay by telephone, it may happen to communicate the number of his card, its expiry date and the visual cryptogram. This sensitive data is then recorded as part of the telephone conversation.
The CNIL reminds that the recording of this data is not necessary for the proper execution of the payment. It therefore recommends that a device for temporarily interrupting the recording be put in place everywhere and offered to the consumer, so that his bank details are not kept with the recording.
On the same subject :
Consent: the turn of Google’s “reCAPTCHA” to be pinned by the CNIL
Source : CNIL
7