Claim against improper inclusion in the CIRBE

Although the Central de Información de Riesgos del Banco de España (CIRBE) is not properly a “file of defaulters” of those provided for in art. 29.2 of Organic Law 3/2018, of December 5, Protection of Personal Data and guarantee of digital rights (LOPD), is also subject to the “principle of data quality” that the reporting entities to the CIRBE must enter true and exact data in it. Otherwise, and if the data entered shows that the affected party is in arrears, their right to honor protected by article 18.1 of the Spanish Constitution would be violated. We study it below.

CIRBE regulatory framework

The CIRBE can be defined as a publicly owned information system in which credit institutions and financial institutions (hereinafter, “reporting entities”) publish data and information on the risks of the credits they have signed with individuals and companies.

According to article 59 of Law 44/2002, of November 22, on Financial System Reform Measures (hereinafter, “Law 44/2002”), its main purpose is:

“to collect from the reporting entities (…), data and information on credit risks, to provide the reporting entities with the necessary data for the exercise of their activity; allow the competent authorities for the prudential supervision of said entities the proper exercise of their supervisory and inspection powers; contribute to the proper development of the other functions that the Bank of Spain is legally assigned to”.

The same Law 44/2002 establishes in its article 60 the minimum content that the registered data must have and which is, broadly speaking, the following:

• Identifying data of the borrowing party.
• Information on the amount of the credit and its recoverability.
• Data that reflect a possible non-compliance situation.
• The specific provisions that the reporting entity has had to allocate to the borrower to cover credit risk.
• Any other data that reflects a risk associated with credit.

It may interest you: “Nullity of usurious interest on microloans, consumer loans and revolving cards”

Declared data requirements: accuracy, timeliness and proportionality

Given the sensitive nature of the information contained in the CIRBE, the Law requires that the registered data be accurate and updated, in such a way that they reflect the reality of the risks associated with credit and the financial solvency of the holder. And it is that if the information were erroneous and labeled the owner as “defaulter”, or associated with the credit a greater risk than the corresponding one, the injured party would see their right to honor protected in article 18.1 of the Spanish Constitution and article 7.7 of the Spanish Constitution violated. Organic Law 1/1982, of May 5, on civil protection of the right to honor, personal and family privacy and self-image.

The Supreme Court has already developed jurisprudence on the violation of the right to honor by the inclusion of personal data in the CIRBE file. For all of them, it is worth mentioning its Judgment no. principle of quality of personal data”, that is, complying with “the requirement of adequacy, relevance, proportionality and accuracy of the personal data subject to automated processing”.

Not only is the veracity of the registered data required, but the High Court rules that they must also be relevant to the purpose of the file, which is, let us remember, to inform of the risk of the credits subscribed by the borrowing party.

Following the same line, the Supreme Court in its Order of July 18, 2018 (nº rec. 4748/2017), concludes that there is an illegitimate interference with the right to honor of the owner of the data and, therefore, may claim compensation for damages, if “from the mentions contained in the CIRBE file it appears that the affected party is a defaulter, and that such mentions do not correspond to reality ”.

The Provincial Courts have also ruled on the matter, being especially noteworthy the Judgment of the Provincial Court of Oviedo, of February 21, 2019, in which, applying the aforementioned criteria of the The Supreme Court ruled that “the data being processed must not only be authentic, exact, truthful, but must always be up-to-date”.

It may interest you: “Economic coverage for legal assistance in consumer matters”

Claim for disagreement with the data declared in the CIRBE

When the data is inaccurate or incorrect, article 65 of Law 44/2002 authorizes the affected party to request rectification or cancellation from the declaring entity, being able to do so through a formal claim made before the Customer Service of the company under the protection of Order ECO/734/2004, of March 11, on customer service departments and services and the customer ombudsman of financial institutions.

Once filed, if the claimant does not agree with the resolution of the entity claimed or has not received a response, they may also file a claim with the Bank of Spain, which will urge the declaring entity to formulate allegations. Finally, after listening to the parties, the Bank of Spain will issue a non-binding report establishing its criteria and terminating the file.

Notwithstanding the foregoing, the owner of the CIRBE data may go directly to the courts (without the need to file a claim with the Bank of Spain) in exercise of the action for protection of honor ex article 9.2 of Organic Law 1/1982, of March 26, on Civil Protection of the Right to Honor, Personal and Family Privacy and Self-Image, in which You can claim not only the cancellation of the incorrectly registered data but also compensation for the actual damages suffered as a result of the unlawful action of the declaring entity.

It may interest you: “Seizure of future credits ”

Nerea Ortiz de Zárate Beitia
Commercial Law Department

10/08/2022