The Court of Justice of the European Union rendered a decision prohibiting certain automated credit scoring and extended data retention practices under the EU General Data Protection Regulation. The scoring practices of German credit bureau SCHUFA generally contradict GDPR provisions on the use of automated decision-making technology. The court also ruled SCHUFA's data retention concerning discharge from remaining debt does not meet the six-month retention period laid out in the GDPR and German law.
CJEU rules GDPR covers credit bureau's automated decision-making, data retention
Related stories
Hallucinations in LLMs: Technical challenges, systemic risks and AI governance implications
What the US Supreme Court's decision upholding Texas law means for data privacy
The next chapter for ROPAs
Notes from the AI Governance Center: The importance of trust in AI governance
El proyecto de ley de datos personales recibe media sanción en la Cámara Baja de Paraguay
