EU Court of Justice Rules Automated Credit Scoring May Violate GDPR
The EU Court of Justice was especially feisty last week, issuing several rules that put new constraints on credit agencies. Most significantly, the Court determined that calculated credit scores are automated decision making, which GDPR prohibits without user consent. The Court also limited data retention and gave national courts the right to review decisions by national data protection authorities, which have often been notably lax in their enforcement efforts.