.svg)
Data protection problems prevent amendments to payments law coming into effect in Lithuania, as the legislation heads back to the country’s parliament.
Gitanas Nausėda, the country’s President, said that the new payments rules risked handing over excessive amounts of sensitive data to banks and payments institutions.
The law, which was adopted by the country’s parliament, allows payment service providers, payment system operators and other entities to access “extremely broad possibilities” to process personal data.
This includes data that could reveal their race, political views or even data about their sex life.
The law was proposed to ensure the proper provision of payment services, the execution of payment transactions and the prevention, investigation and detection of payment fraud.
Although this goal of achieving greater regulatory clarity in processing personal data is relevant, the President emphasised that the inviolability of a person's private life is protected by the constitution.
In the President’s view, the Payments Law provides disproportionately large powers to process personal data.
"Lithuania is a member of the eurozone and the unified payment system, so until there is a clear European standard for the processing of special categories of personal data during payment transactions, we cannot adopt the Payments Law with such broad, unprecedented data processing powers,” said Nausėda, an independent politician.
“The essential human right to data protection must be ensured."
Reacting to the news, the Lithuanian Banking Association (LBA) said it was disappointed.
“When making payments in banking systems, customers themselves voluntarily indicate, for example, health-related information,” said Eivile Cipkute, the trade association’s president.
“In such cases, banks inadvertently become processors of such personal information, without collecting it intentionally.”
Cipkute continued to say the LBA hopes that the institutions will propose the best possible solutions to the situation that has arisen so that it can be resolved from a legal point of view, taking into account the public interest in a smoothly functioning payment system.
Through the veto, the President suggests that the initiators of the law, together with the responsible institutions, especially the State Data Protection Inspectorate and other personal data experts, take into account the regulatory precedents of other eurozone countries.
In particular, how other jurisdictions establish a proportional relationship between data collection and personal data protection.
Nausėda also draws attention to the fact that payment services include not only the execution of orders but also other services, as a result of which the powers of data processing are too broad according to the adopted Payments Law.
In the President's assessment, when improving the Payments Law, the goals and methods of special category personal data processing should be defined in more detail and that clearer data protection guidelines should be established.
Among other things, he said that the public should be informed about the peculiarities of personal data processing during payment orders or other payment operations.
