Legal Protection of Bank Customers Under the UK Law
The banker-customer relationship can be classified as an agency contract, which entails that the privacy of that relationship be maintained. In general, an agent owes a duty of care and privacy to his principal[1].
The milestone case identifying the duty of confidentiality and its principles was Tournier v National Provincial and Union Bank of England[2]. The principles it identified under which a bank is permitted to disclose customers' information are:
- Where the bank is compelled by law to disclose the information;
- If the bank has a public duty to disclose the information;
- If the bank's own interests require disclosure; and
- Where the customer has agreed to the information being disclosed[3].
Furthermore, banks have started incorporating an explicit obligation of confidentiality in their terms and conditions for dealing with customers; hence, confidentiality has become an explicit legal term in the banker-customer contract[4].
Further rights to confidentiality of a bank's customer are granted under the DPA 1998[5], which was enacted in alignment with the EU Data Protection Directive[6] dealing with the protection of persons with regard to the processing of personal information and its free movement.
DPA 1998 imposes several obligations on a data controller with regard to compliance with the 'data protection principles'[7]. The controller is obliged to 'use personal data fairly and legally'[8] only for those aims for which the data is meant, 'without any changes: to be sufficient, relevant and precise'[9]. Moreover, relevant procedures must be undertaken in relation to unauthorized/illegal usage of data, its damage and/or loss[10]. Generally, processing of personal information is covered by the Act, while several exceptions[11] are available, very much in line with the principles established in Tournier, where customers' information can be disclosed due to the following:
- Processing of data for the purpose of national security is exempt from data protection principles;
- Processing of data for the prevention/detection of crime or for taxation purposes is exempt from protection.
Further protection is found under the HRA 1998[12], which incorporates the European Convention for the Protection of Human Rights and Fundamental Freedoms 1950 (ECHR) into English law in the following ways: a) by requiring the English courts to construe all legislation 'so far as it is possible to do so...in a way which is compatible with the ECHR rights; b) making it unlawful for a 'public authority' to act in a way that is incompatible with ECHR rights; c) introducing a procedure whereby the courts can declare legislation incompatible with ECHR rights'[13]. Article 8(1) of the HRA deems any contravention of an individual's rights as illegal, whereas Article 8(2) provides conditions to be met by the public authorities to avoid illegal use of sensitive personal data[14].
The FSA 2012[15], amending FSMA 2000[16], provides for a financial ombudsman service aimed at helping to settle disputes between consumers and financial institutions such as banks, insurance companies, and finance companies. As case studies show[17], a minor mistake on the part of a bank may cause serious problems, in particular if the customer is operating a business. It has been observed that minor clerical errors might lead to serious business losses[18]. Hence, banks must consider and weigh the outcome of their actions in terms of 'losses' and 'caused distress and inconvenience'[19].
Legal Protection of Bank Customer Under Egyptian Law
In comparison to the protection of personal data in the banking sector granted under UK law, Egypt does not have a specific law which regulates the protection of personal data. However, several provisions relating to data protection are to be found in various laws and regulations in Egypt. In relation to the financial sector, Egyptian Banking Law No. 88/2003[20] provides for the confidentiality of customers and their account information, whereas Presidential Decree No. 59/1990[21] governs the duty of banks to maintain the secrecy of information related to customers' accounts, deposits and transactions, and not to disclose such information without either the written permission of the customer or a decision rendered by a competent court/body[22]. The Executive Regulations of Mortgage Finance Law No. 148/2001[23] (amended by the Prime Minister Decree No. 465/2005) provide a similar clause which stipulates confidentiality of the data of the customers of mortgage finance companies. Moreover, further provisions can be found in the Constitution concerning individuals' right to privacy, as well as in the Civil Code[24], which governs the collection, use and processing of personal data, whereas Egyptian Civil Status Law No. 143/1994 contains provisions regarding citizens' civil status data.
It is interesting to note that the Egyptian laws and regulations do not provide a definition of personal data or sensitive personal data. The only law that addresses such a definition is Egyptian Labor Law No. 12/2003[25].
Personal data controllers are required for managing customer and account data in banks, but they are not required by law to take specific measures against unauthorized processing, accidental loss or deletion/damage of personal data. The controller will be held liable if such damage results from his/her omission. Also, there is no mandatory legal requirement in Egyptian law with regard to reporting data security breaches or losses to the competent authorities.
Shall the Banking Information Be Concealed or Revealed?
As Gwendoline Griffiths[26] noted, indeed, 'disclosure is winning the argument at present'[27], given recent global initiatives such as the AEOI standard for financial account information (the Standard for Automatic Exchange of Financial Account Information in Tax Matters)[28], accepted by almost 50 jurisdictions, and previous efforts by the US, Germany and the UK to achieve transparency in order to uncover terrorist financing and tax evasion[29]. However, these measures taken towards increased disclosure create tensions and legal difficulties with regard to the sensitive balance between the legal frameworks governing confidentiality and privacy and the aims of governments in terms of maximizing revenues through tracking tax evaders and cutting terrorism financing at its root. The conflict intensifies in a cross-border context. Therefore, taking the example of Egypt (which refused cross-jurisdiction exchange of financial account information), the UK's right to seek information on a taxpayer is governed by its local laws, whereas the non-resident taxpayer will enjoy confidentiality and data protection under the Egyptian statutes.
Egyptian banks refrain from being caught up in political agendas and the efforts of extraterritorial bodies, as well as from being in the middle of a dispute outside of their direct concern, having regard to Article 7 of the Presidential Decree No. 59/1990 concerning the confidentiality of bank accounts[30]: 'without prejudice to any stricter penalty, any person violating the provisions of Article 1, Article 2 and Article 5 of the present law shall be liable to imprisonment for a period of no less than one year, and a fine of no less than ten thousand Egyptian Pounds, and not exceeding twenty thousand pounds'[31]. Hence, bank secrecy here is part of the criminal law regime. Therefore, jurisdictions where such a legal framework exists might refuse to cooperate in terms of disclosure, except for criminal matters and a legal basis for disclosure, on the premise that disclosure might prejudice sovereignty, security and the state's interest. Although disclosure is becoming more common, the conflict between 'confidentiality and disclosure and conflicting national interests will continue'[32].
1 Regal (Hastings) Ltd v Gulliver 1942 1 All ER 378; Boardman v Phipps 1967 2 AC 46
2 Tournier v National Provincial and Union Bank of England 1924 1 K.B. 461 at 427
5 Data Protection Act 1998 (DPA)
6 Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data
7 S Abdulah, 'The Bank's Duty of Confidentiality, Disclosure Versus Credit Reference Agencies; Further Steps for Consumer Protection: "Approval Model"' (2013) Vol 19 Issue 4 European Journal of Current Legal Issues accessed 1 February 2017 at http://webjcli.org/article/view/296/405#_edn47
10 Data Protection Act 1998, sch.1(4)
11 DPA 1998 Part 4, Section 28, 29, 36
12 Human Rights Act 1998
13 E.P. Ellinger, E. Lomnicka & C.V.M. Hare, Ellinger's Modern Banking Law, (5th edn., Oxford University Press, 2011) 175
14 Article 8(2): There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
15 The Financial Services Act 2012 (FSA)
16 Financial Services and Markets Act 2000 (FSMA)
17 Ibid (3)
20 Banking Law No. 88/2003
21 Presidential Decree No. 59/1990 concerning the confidentiality of bank accounts
22 Bank Secrecy Law 205 of 1990, Article 1 https://www.google.com.eg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&ved=0ahUKEwiS7-3l0e7RAhXM1hQKHRIjAroQFggkMAI&url=http%3A%2F%2Fwww.track.unodc.org%2FLegalLibrary%2FLegalResources%2FEgypt%2FLaws%2FEgypt%2520Banking%2520Laws%2520and%2520Presidential%2520Decrees%2520All.pdf&usg=AFQjCNGGq0RolLjQlRXROtiQMlLa0_Ij4A&sig2=KplR09VY0q0lpMHwiPmjFw&bvm=bv.145822982,d.d24
23 Executive Regulations of Mortgage Finance Law No. 148/2001
24 The Civil Code No. 131 for the year 1948
25 Labour Law No. 12/2003
26 In January 2007, Gwendoline Griffiths had the following to say on the British Bankers’ Association (BBA) Web site
27 C Proctor, 'Tax, Terrorism and Bank Confidentiality' (2008) https://www.twobirds.com/en/news/articles/2008/tax-terrorism-and-bank-confidentiality
28 OECD Automatic Exchange of Information accessed 1 February 2017 at http://www.oecd.org/tax/transparency/automaticexchangeofinformation.htm
29 Ibid (27)
30 Presidential Decree No. 59/1990 concerning the confidentiality of bank accounts
32 Ibid (27)