ACCIS provided input into the French Data Protection Authority – CNIL – consultation on a reference framework for credit, “Un projet de référentiel sur l’octroi de crédit” due to the importance of the topic and the contribution made by the French DPA. This is despite ACCIS not having a member in France.
In our input, we provided commentary on some of CNIL’s reflections. Importantly, we made the point that credit information is central to the process of responsible lending and that this should be taken into account if CNIL’s work is referenced in other markets. ACCIS added that GDPR is not doing justice to sector-specific regulations. Further, we understand that in the case of France, contractual necessity makes sense as the legal basis since lenders directly perform creditworthiness assessments in France. This legal basis would not suffice in other Member States. In other Member States, credit information suppliers rely on a Code of Conduct pursuant to Article 40 of the GDPR, as is the case in Italy, for example.
In final comments, ACCIS looks forward to CNIL providing illustration of the sufficient steps needed to demonstrate contractual necessity. And, ACCIS also pointed out that there is an important link to be drawn to the revised Consumer Credit Directive.