Mr. Denis Kelleher:

I wish to clarify that I am appearing here in a personal capacity. This issue has been argued before the High Court on several occasions. It has also been argued before the European Court of Justice where somebody has signed a loan. The leading European case is that of Probst v.mr.nexnet. There have been a number of High Court cases in Ireland about this element of either securitisation of the loan of transfer of the loan.

One of the arguments they have made is that they did not consent to this and did not consent to the transfer of their personal data. Typically what happens is that they look into the contract and where the contract allows for the transfer of one's personal data in that way, it just goes ahead. People need to be very careful about the contracts they sign because once a person signs a contract that person is effectively providing the controller of those personal data with the ability to transfer or process the data for the purposes of the contract. In one case, a lady objected to the securitisation of her loan and the High Court allowed for the securitisation. The only clause they could find in her contract that allowed for securitisation was in fact the data protection clause, which allowed for the transfer of her personal data for the purposes of sale. They read back from that that the contract, itself, allowed for the transfer of the sale of the loan. If the contract allows for the sale of the loan in data protection law, that is sufficient. I realise that it creates considerable upset and there are a large number of cases on this point. It is settled law at this stage that if a person has agreed to it in the contract, the transfer can go ahead and can be processed for the purposes of debt recovery.