Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

Netflix invented binge watching. Now he may be over it.

The ‘first’ ransomware attack run by AI still needed a human

You can now adjust the pace and expressiveness of Siri in the latest iOS 27 beta

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    The ‘first’ ransomware attack run by AI still needed a human

    7 July 2026

    If you use Google, you train its AI. See how you can opt out.

    6 July 2026

    Amazon will stop accepting new customers for Mechanical Turk

    6 July 2026

    Yes, we use OpenClaw to this day

    5 July 2026

    Midjourney wants Hollywood studios to reveal the details of their use of artificial intelligence

    5 July 2026
  • Apps

    You can now adjust the pace and expressiveness of Siri in the latest iOS 27 beta

    7 July 2026

    Apple is bringing back card payments for Apple Account purchases in India after a four-year hiatus

    6 July 2026

    WhatsApp now allows you to reserve usernames

    5 July 2026

    Podcasting platform Riverside is getting into the newsletter game

    4 July 2026

    Threads adds new features to Live Chats as it expands access

    4 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026

    Anthropic’s latest spat with the Trump administration may actually help it, sales figures suggest

    17 June 2026
  • Hardware

    US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

    7 July 2026

    Smart glasses maker Even Realities hits $1 billion valuation with $150 million in funding led by Meituan, Tencent

    6 July 2026

    5 office gadgets that can make your work day better

    6 July 2026

    IQM, Europe’s first public quantum company, admits that the future of the technology is uncertain

    3 July 2026

    Thiel Capital’s Jack Selby commits stakes in hot startups like Etched through Arizona connections

    3 July 2026
  • Media & Entertainment

    Netflix invented binge watching. Now he may be over it.

    7 July 2026

    New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

    4 July 2026

    Cloudflare’s new policy pushes AI companies to pay for publishers’ content

    1 July 2026

    Watch out, Amazon: The Kobo eReader now has a Goodreads rival

    29 June 2026

    YouTube Shorts just got even shorter with an update that lets you double the playback speed

    25 June 2026
  • Security

    Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

    6 July 2026

    Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

    3 July 2026

    The US government says it’s been hacked — again

    2 July 2026

    In major privacy victory, Supreme Court rules that geo-trafficking warrants are protected by privacy rights

    29 June 2026

    The Klue hack results in a data breach at several cybersecurity companies

    26 June 2026
  • Startups

    Station F emerges as a launch pad for Europe’s hottest AI startups

    6 July 2026

    Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

    4 July 2026

    The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

    3 July 2026

    Last chance to apply — Startup Battlefield Australia applications close on 6 July

    3 July 2026

    Arcturus could halve grid electrical losses using nano-infused metals

    2 July 2026
  • Transportation

    Chevy built an all-American EV truck — why isn’t anyone buying it?

    3 July 2026

    Rivian raises EV sales forecast as second-quarter production ramps up

    3 July 2026

    Lucid Motors CFO steps down as new CEO continues leadership shakeup

    2 July 2026

    Tesla begins testing Cybercab without pedals or steering wheel in Austin

    2 July 2026

    Lime is starting life as a public company after years of uncertainty

    1 July 2026
  • Venture

    What are bending spoons? The little-known owner of AOL and Vimeo who is now public

    5 July 2026

    After $18B IPO, Bending Spoons Founder Says Success Comes From Minimizing Luck

    2 July 2026

    Bending Spoons defies SaaS slump, up 40% on first day of trading

    2 July 2026

    The DeepMind trio that created a poker AI is now making money for quantitative hedge funds

    1 July 2026

    Patronus AI lands $50 million to create ‘digital worlds’ that stress-test AI agents

    26 June 2026
  • Recommended Essentials
TechTost
You are at:Home»Fintech»Credit rating agencies face restrictions after landmark EU data protection ruling
Fintech

Credit rating agencies face restrictions after landmark EU data protection ruling

techtost.comBy techtost.com8 December 202306 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
Credit Rating Agencies Face Restrictions After Landmark Eu Data Protection
Share
Facebook Twitter LinkedIn Pinterest Email

Credit rating agencies operating in the European Union may face tighter restrictions under the bloc’s privacy laws following a ruling issued today by the Court of Justice of the European Communities (CJEU). The referral relates to complaints made against the practices of a German credit rating agency, called Sufabut it could have wider implications for credit reporting agencies operating in the area where the General Data Protection Regulation (GDPR) applies.

A complaint that the CJEU examined focused on a case of “prolonged” data retention by the credit reporting company of information on the granting of discharge of outstanding debts held in the German public insolvency register for only six months. However, a code of conduct for German credit bureaus allows a three-year retention period for their own databases. And the Hesse Data Protection Authority had rejected the complaint about data retention. also seeking to support the local court could not review its decision. The CJEU disagreed.

“The Court considers it contrary to the GDPR for private entities to retain such data for longer than the public insolvency register,” he wrote in a press release for case C-634/21 (plus joined cases C-26/ 22 and C-64/22). “Discharge of remaining debts is intended to enable the data subject to re-enter economic life and is therefore of existential importance to that individual. This information is still used as a negative factor when assessing the creditworthiness of the data subject. In this case, the German legislator provided for the storage of data for six months. It therefore considers that, at the end of the semester, the rights and interests of the data subject prevail over those of the public to access that information.”

“To the extent that the retention of the data is unlawful, as is the case after six months, the data subject has the right to request the deletion of the data and the organization is obliged to delete the data as soon as possible,” the court added.

The CJEU also ruled on a second complaint that seems rather existential for credit rating agencies – as it questions whether Schufa can automatically issue credit scores, given that the GDPR provides protection for individuals subject to solely automated decisions with legal or significant implications for that’s all. So, in effect, they may need to get people’s express consent to rate them.

The Court ruled that Schufa’s credit rating should be regarded as an “automated individual decision”, which its press release notes is “prohibited in principle by the GDPR, to the extent that Schufa’s customers, such as banks, attribute to it decisive role in the granting of credits”.

If this type of credit assessment is the basis for a bank’s decision to, for example, refuse an individual loan, the practice risks breaching EU data protection rules.

Although in this particular case it will be up to the Wiesbaden Administrative Court to assess whether the German Federal Data Protection Act contains a valid exception to the prohibition under the GDPR. And, if so, to check whether the general conditions set out by the GDPR for data processing are met — such as ensuring that individuals know their right to object and request (and receive) human intervention, and are in position to provide meaningful information about the credit score rationale upon request.

“Judicial review” of APD decisions

In another important ruling, the CJEU also made it clear that national courts must be able to exercise what its PR calls “full review” on any legally binding decision of a data protection authority.

Privacy rights group noybwhich has had multiple run-ins with the DPAs over their inability to act on (let alone enforce) complaints, used it as particularly important – calling it “full judicial review” of the DPAs.

“The decision of the CJEU massively increased the pressure on the APD. In some EU member states, including Germany, they have so far assumed that a GDPR complaint by data subjects is simply a kind of “report”. In practice, this means that despite an annual budget of 100 million euros, German DPAs have rejected many complaints with strange justifications and that GDPR violations have not been pursued. In countries such as Ireland, over 99% of complaints were not processed and in France, victims were denied any right to participate in the process regarding their own rights. Some APRs, such as the Hessian authority in this case, have also held that courts are prohibited from reviewing their decisions in detail,” he wrote in a press release responding to the ruling.

“The CJEU has now put an end to this approach. It has been held that Article 77 of the GDPR is designed as a mechanism to effectively protect the rights and interests of data subjects. In addition, the court ruled that Article 78 of the GDPR allows national courts to conduct a full review of DPO decisions. This includes assessing whether the authorities have acted within the limits of their discretion.’

Higher GDPR fines on the way?

The two landmark rulings follow another ruling handed down yesterday by the CJEU (also through, in part, another referral case in Germany), which legal experts suggest could lead to significantly higher penalties for GDPR violations as it reduces requirements for the imposition of fines on legal entities.

Thus, while, in this case (C-807/21), the Court held that unlawful conduct is necessary for a fine to be imposed — that is, that the breach of the GDPR must have been committed “intentionally or negligently” — judges also said that, when the controller is a legal person, it is not necessary that the violation has been committed by its management body, nor is it necessary for that body to be aware of this violation.

They further stipulated that the calculation of any fine requires the supervisory authority to take as a basis the definition of ‘undertaking’ under competition law’ (aka, according to the PR Court, that ‘the maximum amount of the fine must be calculated on the basis of a percentage of the total global annual turnover of the business concerned, taken as a whole, in the previous financial year’ — or, basically, that the revenue of an entire group of companies can be used to calculate a GDPR penalty for an infringement committed by a single unit of this group).

Jan Spittka, a partner at law firm Clyde & Co., predicted that tougher GDPR fines could follow. “The general framework of the decision will make it easier for EU Member States’ data protection supervisory authorities to sanction legal entities and is also likely to lead to significantly higher fines on average,” he suggested in a statement.

“Under this standard, only a detailed and tightly controlled data protection compliance system can put a legal entity in a position to argue that it was unaware of its unlawful conduct in relation to breaches of the GDPR committed by an employee,” he said . “Furthermore, a legal entity can be exonerated if representatives or employees act completely outside the scope of their job description, e.g. when using personal data for private purposes”.

agencies cjeu credit score credit data data protection face judicial review gdpr landmark protection rating restrictions ruling schufa cjeu
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleCambium Closes $19M Series A to Develop Advanced Biomaterials for Next-Gen Hardware
Next Article Bitcoin Continues to Rise, Block Launches Hardware Wallet, Robinhood Expands to EU, and VCs May See Some Relief Soon
bhanuprakash.cg
techtost.com
  • Website

Related Posts

Omen AI’s plan to optimize data centers is all wet

30 June 2026

OpenAI restricts GPT-5.6 release at government request, says restrictions shouldn’t be the norm

29 June 2026

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

Netflix invented binge watching. Now he may be over it.

7 July 2026

The ‘first’ ransomware attack run by AI still needed a human

7 July 2026

You can now adjust the pace and expressiveness of Siri in the latest iOS 27 beta

7 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026

4 days left to save up to $190 on Founder Summit 2026

23 June 2026
Startups

Station F emerges as a launch pad for Europe’s hottest AI startups

Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.