The Court of Justice of the European Union rendered a decision prohibiting certain automated credit scoring and extended data retention practices under the EU General Data Protection Regulation. The scoring practices of German credit bureau SCHUFA generally contradict GDPR provisions on the use of automated decision-making technology. The court also ruled SCHUFA's data retention concerning discharge from remaining debt does not meet the six-month retention period laid out in the GDPR and German law.
CJEU rules GDPR covers credit bureau's automated decision-making, data retention
Related stories
Notes from the IAPP Europe: The month of consultations — time to provide input on shaping Europe's digital future
Italy updates National Cybersecurity and Data Protection Framework
Insights from the ANPD's new technical note on automated decisions
Right-sizing AI governance: Starting the conversation for SMEs
AI governance in aged care
