Description

Adopted Consumer Credit Directive including data protection measures

On 9 October 2023, the Council of the European Union adopted the Consumer Credit Directive, including data protection measures. The Directive outlines the data that covered entities, including creditors, credit intermediaries and providers of crowdfunding credit services, are allowed to process in the creditworthiness assessment process. In particular, the covered entities will be able to process only personal data related to the individual's financial and economic situation, such as financial, income, repayment, financial assets and liabilities data. The personal data of individuals posted on social media platforms and health data will not be allowed to be processed to determine the individual's creditworthiness. Finally, under the Directive, the Member States will require covered entities to inform consumers if they provide personalised offers based on profiling or other automated personal data processing systems.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
digital payment provider (incl. cryptocurrencies), other service provider
Implementation Level
supranational
Government Branch
legislature
Government Body
parliament

Complete timeline of this policy change

Hide details
2021-06-30
under deliberation

On 30 June 2021, the European Commission presented a proposal for a Directive of the European Parli…

2022-12-02
under deliberation

On 2 December 2022, the European Council and European Parliament reached a provisional agreement on…

2023-10-09
adopted

On 9 October 2023, the Council of the European Union adopted the Consumer Credit Directive, includi…

2023-11-19
in grace period

On 19 November 2023, the Consumer Credit Directive, including data protection measures, entered int…

2026-11-20
in force

On 20 November 2026, the Consumer Credit Directive, including data protection measures, was impleme…