Use links to sources: click at red words
Nordea Bank, discussion on how-to-interact on personal data documents
In Nordea ('secure') website's chat
Nordea: …conversation will be saved.
Nordea: Hi, I'm Kristo. How can I help you?
You: Hi, I received sms in Finnish language to my mobile phone from somebody who names itself Nordea :-) My Finnish is not good enough to understand, why it wrote "Olet saanut postia" - because I didn't receive any postal item from Nordea. I can presume that "Nordea" meant 'viestia' / a message - that "Nordea" wishes me to open in some insecure way. Insecure also means 'not-customer-centric', but 'sender-centric or message provider-centric'. I presume that this message might contain my sensible personal data, therefore I ask you again (see my previous message to NORDEA) to send the data I requested per SAR (GDPR) - in a secure way (by paper postal message*), to be paid (and responsibility - per GDPR- up to 4 mln. € - to be taken) by the sender (not by me).
* I understand that NORDEA doesn't wish to carry that costs and responsibility - but there are Hybrid Mail solutions (like** in Germany), that save these resources. Most important: a consumer (per GDPR) has the right to consent to the most secure way of communication re. personal data.
Nordea: We have sent this information you have request through your Netbank under secure connection. You can find this mail from your Netbank under Everyday Finances - Omaposti Documents.
Nordea: Would you like to receive a paper form of the same document?
You: Thank you, but I don't use this channel, because I am afraid that it's insecure (I read a lot about bank information hacked when it is sent in electronic way). And I have dozens of organisations who wish me to join their electronic channels (Oma viesti), that security I can't have expertise to assess. That's why I insist at the most secure and legal way of communication that includes my personal data - by paper letters. That is my right by GDPR. Please act conform to GDPR > Finnish law.
Nordea: We can send you this document via regular mail. May I have your address?
You: Thank you. I repeat my address that I have already informed to Nordea in my a.m. SAR: … Espoo, Vladimir Kuparinen
Nordea: Thank you very much! I double checked that the address is correct.
Nordea: This document you requested will be sent to your home address via regular mail
You: Thank you. Have a nice day!
Hybrid (at paper PLUS electronic means/2D-code) message
At a book
At a letter
Nordea Bank, discussion on how-to-interact on personal data documents
My answer in short. My full answer see below Nordea's message.
|Category:||Request access to personal data|
First of all I'm very sorry for the inconvenience. You have a right to access the personal data we are keeping about you and I have done it behalf of you today 30th of May. Your personal data will be sent to you to Omaposti (netbank).
I noticed that you have requested to receive it via netbank and also via post, but we prefer OmaPosti because of its safety and quickness. I hope this is ok for you. I'll refund your account (20e) for all this trouble and for possible printing costs it will cause you.
General Data Protection Regulation's (GDPR) implementation date was last Friday 25th of May 2018, so before that we weren't able to handle your request and we have informed you wrongly that you can only make the request in our branch. The easiest way is to do it in www.nordea.fi, but I have done it now for you.
Thank you for your patience.
0200 3000 (pvm/mpm)
Ulkomailta soitettaessa +358 200 3000 (ulkomaan puhelun hinta)
My answer to Nordea, dd. 07/06/2018
Re. my SAR / Subject Access Request per GDPR, dd. 30.4.2018
Thank you for your attempt to correct Nordea's GDPR-non-conform handling of my SAR (by offering me to visit a Nordea office - for receiving there a responce to my SAR).
I can't accept your offer to print out by my own means the answer from Nordea,
because it is (1) not conform to GDPR, and (2) is subject to my (absent) consent to stop paper letter communication with Nordea / in exchange to e-media.
Moreover I consider it a dangerous sign of misunderstanding of consumer-relevant laws & risks by leading Finnish institutions, like e.g. telecoms and banks, when e-media communication bears more risks than paper letters:
- it is obligation of the institution (per EU law) to deliver its answer to consumer
- and offering to consumer to access BY OWN MEANS to an institution's resource is not a delivery of an answer from an institution.
And the reason is: personal costs, imho. I.e. attempts by institutions to transfer payment of communication costs from institution to a person, that increases costs from industrial solutions to personal solutions. Like e.g. costs of printing out "electronic bill" at home printer.
- its new public portal suggests consumers to take a NEW - and provider-centric (not user-interests-centric) - obligation of regular checking services' messages
- and Suomi.fi considers a service's message to be delivered to consumer in the moment of sending the message,
that can be true - per EU law - only for some cases of sending a PAPER letter by Post, but not for cases of sending an electronic message,
BEFORE a consumer confirms his irreversible (!) consent to receive e-messages ONLY, i.e. NO MORE paper message.
And also - subject to person's consent to consider e-message delivered in the moment of sending by an institution,
i.e. NOT IN THE MOMENT OF RECEIVING the message by a person. A lawyer could provide here links to the relevent EU laws,
but I hope that Nordea lawyers can provide these links without my help.
This consent is not granted to Nordea by any consumer in advance, at least in my case: it would cost me too much
(e.g. (1) home printing vs industrial; (2) insecure email interchange, that even KELA considers not GDPR-conform), in return-for-nothing.
A better solution (Hybrid Mail, combining e-media & paper: not either/or, like NetPosti) is recently introduced in Germany,
- and I hope that before Nordea finds any better consumer-centric solution,
we should receive paper letters: when user wishes it. This is EU law.
One more reason for a consumer to prefer a "dead-tree version" of communication (paper letter):
- an average person's IT skills doesn't allow him/her to check if e-message delivers personal data in full, in answer to his/her SAR:
- like e.g. misleading/false "disclosing" of personal data of a subject by granting an access to a "personal data zip-file" by Facebook:
- a simple check to a web service MySocialBook.com shows that Facebook keeps my personal data from 2012:
- this commercial service offers me a printed 'photo-book', with my Facebook posts & comments, dated from 2012,
whereas Facebook - answering my SAR- has recently provided me access to a "relevant" zip-file of "ALL" my personal data for 1 year only.
How can I prove that Nordea would provide me access to full amount of my personal data files,
if I don't have a "dead-tree version" of these zip-files? Could I refer to Data Protection Officer/in court to insufficiency of "my ALL" data from a zip-file?
I do hope that Nordea handling of my personal data communication is more EU laws abiding than Facebook's, that is why I kindly ask you to base it at paper,
in order not to lead consumers to "zero-trust" base, like e.g. Facebook does (and - regretfully - some telecoms, banks).
Therefore I ask you kindly to answer my SAR by postal letter, - like Kela did.
And if my personal data at Nordea consumes so much paper as at Kela (500 sheets double side printed, black&white): printing the sheets at my home printer would cost me several times more than 20 €, that you "kindly" offered me "for all this trouble and for possible printing costs".
"MySocialBook" discloses its affiliation with illegal demand from Facebook to give consent to ads
10/02/2017: showing my data images from 2012
07/06/2018: not showing my data images. Because of absent consent to Facebook illegal demand