EU: New Guidelines on Online Services and 'Performance of a Contract' basic for processing

The European Data Protection Board has released for consultation a new set of guidelines on the topic of the processing of personal data in the context of online services. In particular, the guidelines focus on the circumstances in which it is appropriate to use performance of a contract (Article 6(1)(b)) as the lawful basis for processing personal data, and those in which other bases, such as consent (Article 6(1)(a)) or legitimate interests (Article 6(1)(f)) are preferable. The guidelines attempt to correct perceived "bad practice" resulting from an overly broad application of the performance of a contract basis.