On 9 October 2023, the Council of the European Union adopted the Consumer Credit Directive, including data protection measures. The Directive outlines the data that covered entities, including creditors, credit intermediaries and providers of crowdfunding credit services, are allowed to process in the creditworthiness assessment process. In particular, the covered entities will be able to process only personal data related to the individual's financial and economic situation, such as financial, income, repayment, financial assets and liabilities data. The personal data of individuals posted on social media platforms and health data will not be allowed to be processed to determine the individual's creditworthiness. Finally, under the Directive, the Member States will require covered entities to inform consumers if they provide personalised offers based on profiling or other automated personal data processing systems.
Original source