Hungarian Data Protection Authority (Authority) published its annual report in which it presented a detailed decision
(Decision) where it imposed its highest fine to date of approximately 670,000 Euros. This record-breaking fine was
imposed on a bank in response to its unlawful use of artificial intelligence for automatically analyzing records of customer
services calls.
The artificial intelligence system subject to the review of the Authority is designed for the analysis and evaluation of the
emotional state of the callers of the call center and the key words used in the calls. Bank had been using these results
of the analyses to determine in what order the customers should be called back and to monitor the efficiency of the call
center personnel.
Even though the Authority emphasized that the use of artificial intelligence is not unlawful in itself, it ruled that the
particular manner of this use was against the European Union General Data Protection Regulation (GDPR). Authority
based this Decision on the grounds that (i) the voice analysis conducted by artificial intelligence and the purpose of this kind of process was not mentioned in the bank’s privacy policy, (ii) even though the bank based the data processing on
legitimate interest, how the proportionality of the interests was achieved was not clearly put and (iii) despite the voice
analysis with artificial intelligence being evaluated as a process with “high risk”, the required measures were not taken.
The Decision is highly notable since it emphasizes the degree of care that must be exercised when using artificial
intelligence in data management.